I'm not out for an argument and, as I said, the 80/90 bits figure isn't from me and it's from memory. If you want, I can forward your mail to my colleague as a question.
Wasn't arguing, was just making sure people understand that an 80 bit key, a 90 bit key and a 112 bit key are _SIGNIFICANTLY_ different (i.e. not just 10 times harder), something many people have getting a grasp on (2^10 is easy, 1024, but a difference of 3^32 which is 4billion+? 4billion is a beeeeeg number, I can't imagine 4 billion of anything in a concrete manner). As well any reasonably fast keybreaking typically requires absurdly (for now anyways) fast key factoring systems to brute force it. We're just getting seriously into terraflops, let alone a machine capable of terra-operations that would require many many flops =).
Don't confuse asymettric and symmetric key lengths, though. The latter are currently no higher than 320 bits, while those of the main proponents of the former, namely RSA or DH/DSA, aren't lower than 512 bits and should be 1024+. RSA is worthless unless the primes are large enough.
Dah. But then you can do things like 3des which is usually 2 keys for an effective length of 112, but the attacker has to do 3 crypto operations, so an attack becomes expensive. Imagine the keyscape of 3pgp (yes I know pgp is a program and not the algorithm used for crypto, but you get the idea ;). 99 times out of 100 with modern crypto it's weak passphase/mistake in key recovery/creation/etc that does it in, the math is rarely wrong, unless it's a closed system or amateur system (something to be learned from that I think).
Cheers Tobias
-Kurt