I have myself speculatively created a PGP with 4096 bit keys, but not distributed it, I just wanted to investigate the speeds of RSA operations on 4096 bit keys. I personally think that it is time for PGP to move on to larger keys, the arbitrary limit of 1024 or 1264 or whatever seems restrictive. You should be able to use as much security as you need without having to resort to hacked versions. I have heard the figure of 3000 bits RSA being as hard to break as 128 bit IDEA, however I understand that IDEA is a relatively new algorithm and has not seen nearly as much exposure to analysis as DES. For this reason I think that the proposed 3DEA code is probably in line with going to 4096 bit keys. If you were one of the people using DES under the impression that it was good for many years you should be worried now as the cost of breaking DES has been estimated at $1m. No doubt in 10 years time this figure will be achievable for much less cost. How would you feel when it gets to the stage that your messages could be cracked overnight on a bit of spare workstation time? For this reason I think that the next version of PGP should have the ability to specify n IDEA rounds, and arbitrary RSA key sizes. That should get the problem overwith once and for all. The attitude that 1024 bits should be good for the hundreds of years seems nieve and similar to IBMs 640k limit on DOS at the time 640k no doubt seemed like a *huge* ammount of memory, I'm now typing in a text editor which has a binary of 1.8Mb, on a m/c with 80Mb main memory. One more thing, I think that it should be developed *outside* of the US, at least until that ITAR thing gets thrown out. The argument that it would take a googol years to break PGP with current hardware doesnt hold either as RSA is not proven to be equivalent to factoring, and better factoring algorithms are presumably still possible. However for the people in the US there are still problems with sorting out a license from PKP which allows unlimited key lengths, and for these reasons it may be worth waiting to see if this can be achieved. Adam