At 10:28 AM 2/8/96 -0500, anonymous@freezone.remailer wrote:

I downloaded this so-called "report". It doesn't even mentions PGP. Gotta wonder why the 007 wannabe "experts" and the Big Business (BSA) want you to only use 90 bits for your keys and why they've never heard of PGP...

Anyone who listens to crypto advice from people who's purpose in life is to listen to *YOU* gets what they deserve. I'll stay with PGP which has a 2048 bit key.

Ummm, apples and oranges. The report focused on symmetric-key algorithms. Also, the recommendation was for a *minimum* of 90 bits. I'm sure the authors would be ecstatic to see *128-bit* (not 2048) IDEA like PGP (or does PGP encrypt with RSA, too? I thought it only used RSA for signing. I admit it. I don't know). The purpose of the report was not "90 bits is good." It was "40 bits is *really* bad." Karl