Tom Rollins says:

Ahhhh, It is nice to know that people won't even TRY to crack big keys. Cracking, you know, is a lot like the lotto. You MIGHT guess the correct key on the first TRY. But, if you don't TRY, then you won't crack the key.

"Gotta play to win"

It is all a question of economics. Its one thing if your idle try has one in 10^6 chance of working, but if its one in 10^70 or something like that the attempt is pretty much pointless -- you are more likely to have a giant sack of gold hit you on the head. Even spending a penny on cracking something that way is uneconomical. Playing the lottery is an economic lose, plain and simple. Your expected return is a loss. Having a small number of your workstations that are otherwise idle trying to crack a DES key that would make you a million dollars is likely cost effective; your expected return is a win. Unless the NSA knows something very interesting about factoring that we don't (not merely an algorithm that is a constant factor of a million faster, say), trying to crack a 2000 bit RSA key is without question an economic lose. They could spend a lot less effort simply getting your key via "practical cryptanalysis". There is therefore no point in using a cryptosystem which would cost the enemy hundreds of billions of dollars to try to attack and then type in your key on a machine who's keystrokes can be monitored using $3000 in equipment. Which way would YOU try to get the keys, eh? Unless you are already doing all your encryption in a Faraday cage, I'd say that there is no conceivable point in using anything over a 2000 bit key -- indeed, there is probably no point in using such a key even if you are doing all your encryption in a Faraday cage. The benefit is minimal, and the cost, in terms of dramatically slowed performance, is very high. Using an 8000 bit key is like claiming you are stronger than the enemy because whereas he only has enough nuclear weapons to vaporize your city 15 times over you have enough to vaporize his 90 times over. Perry