tcmay says:

----
With strong crypto, e.g., with 300 decimal digit moduli, the "costs" of decryption by brute force could easily exceed the GNP/GDP of the U.S.
...
bagged" the house, perhaps a simple pass phrase was used in lieu of memorizing 300 digits, and so on.
----

I've been wondering about this. It seems as though the weak point of PGP is one of three possible things:

1) RSA key length (a key length of 10 digits might be a good target, but no one using pgp uses anything so absurdly small, so this can be all but ruled out barring any huge jumps in factoring ..

2) 'conventional cryptography' used for encoding the secring.pgp files, etc. What crypto, exactly, is used? How strong is it? If the NSA knocked on the door and demanded your computer, would it try to crack your key, or would it go directly for the secring.pgp file?

3) length/triviality of pass phrase. This is, I would think, the weakest point mentioned yet. How long does the pass phrase have to be until this point becomes as secure as the weaker of the above two? If all bits of your passphrase were random, how long would an exhaustive search take?

matt

Matt Thomlinson
University of Washington, Seattle, Washington.
Internet: phantom@u.washington.edu
phone: (206) 528-5732
PGP 2.0 key available via email or finger phantom@hardy.u.washington.edu