At 10:02 AM 1/4/96 -0800, you wrote:

All that being said, I believe that 128 bits is sufficient for a symmetric key and 2048 for a public key. Our paranoia would be far better directed at as yet unknown attacks on the algoritms involved or the specific implementations of cryptographic systems. Paul Kocher's recent timing attack is a perfect example of what we should be afraid of.

Exactly! I agree. There is plenty of work that can be directed towards the hardware arena, for example. Better filters (AC, telephone, keyboard cable), untamperable hardware (keyboards come to mind, for instance: Design one whose RF "signature" can't be read remotely), a push towards the use of thin-film-type displays that don't radiate (much) in the RF spectrum, automatic over-write of unused data areas in hard/floppy disks (including the (unallocated) space at the ends of files), etc.