Wasn't arguing, was just making sure people understand that an 80 bit key, a 90 bit key and a 112 bit key are _SIGNIFICANTLY_ different

Agreed, people generally have difficulty grasping the exponential increase in the difficulty to break a key by increasing its number of bits.

Dah. But then you can do things like 3des which is usually 2 keys for an effective length of 112, but the attacker has to do 3 crypto operations, so an attack becomes expensive. Imagine the keyscape of 3pgp (yes I know pgp is a program and not the algorithm used for crypto, but you get the idea ;).

I s'pose you mean the asymmetric part in PGP's operation (you and I and many others, but some not, know that it employs hybrid cryptography). The question that remains though, is, can it work the way Triple-DES works. Triple-DES is only good if the order of operations is encrypt with key 1, *decrypt* with key2, encrypt with key 1 or 3, depending on how many 56-bit keys you have. I'm not sure that this applies to other algorithms in a similar manner. Could be you're just doubling the difficulty by encrypting again with a key of same length as the first, not exponentiating it.

99 times out of 100 with modern crypto it's weak passphase/mistake in key recovery/creation/etc that does it in, the math is rarely wrong, unless it's a closed system or amateur system (something to be learned from that I think).

Agreed. Tobias