RE: Unofficial release
++++++++++++++++++++++++++++++++++++
Rumor has it that certain government applications do Diffie Hellman with 2K-bit moduli. Given the apparent connections between factoring and discrete logarithm (the complexity formulas seem to look very much alike), it appears that at least one user feels that keys longer than 1K bits provide a desirable safety margin.
I'm still not sure that I understand the original argument against using keys that are "too long" by someone's standards. Nor am I sure the analogy holds up. It would be the security equivalent of saying that it's "paranoid" to put strong locks on your front door because your windows are made of glass, and are thus easier to break than the door.

The fact is, most burglars would rather not break a window, if possible, because it's a glaring sign of forced entry visible even while they're in the process of burgling, it's noisy, and they could get cut, leaving blood samples behind and causing themselves pain. Sure, hypothetically, it might be "easier", in a given case, to monitor RF (Tempest) leakage vs. breaking a 1K+ key. OTOH, it would also require putting monitoring equipment at every Internet user's site vs. collecting and cracking keys at a centralized location.

Of course, if someone wants to leave his front door unlocked for fear of being labelled "paranoid", that's his prerogative, I suppose. Just don't ridicule others who are more security conscious!

+++++++++++++++++++++
Date: Fri, 24 Jun 94 06:01:20 +0200
From: nobody@ds1.wu-wien.ac.at

> I'm still not sure that I understand the original argument against using keys that are "too long" by someone's standards. Nor am I sure the analogy holds up. It would be the security equivalent of saying that it's "paranoid" to put strong locks on your front door because your windows are made of glass, and are thus easier to break than the door.

In the case of 8000ish bit keys, the analogy is more like putting 10 foot thick steel doors on your house and leaving the windows open. I don't think that anyone is suggesting that it's paranoid, but rather that it's silly.

Rick
participants (2): nobody@ds1.wu-wien.ac.at, Rick Busdiecker