I'm not out for an argument and, as I said, the 80/90 bits figure isn't from me and it's from memory. If you want, I can forward your mail to my colleague as a question.
Don't confuse asymettric and symmetric key lengths, though. The latter are currently no higher than 320 bits, while those of the main proponents of
Wasn't arguing, was just making sure people understand that an 80 bit key, a 90 bit key and a 112 bit key are _SIGNIFICANTLY_ different (i.e. not just 10 times harder), something many people have getting a grasp on (2^10 is easy, 1024, but a difference of 3^32 which is 4billion+? 4billion is a beeeeeg number, I can't imagine 4 billion of anything in a concrete manner). As well any reasonably fast keybreaking typically requires absurdly (for now anyways) fast key factoring systems to brute force it. We're just getting seriously into terraflops, let alone a machine capable of terra-operations that would require many many flops =). the
former, namely RSA or DH/DSA, aren't lower than 512 bits and should be 1024+. RSA is worthless unless the primes are large enough.
Dah. But then you can do things like 3des which is usually 2 keys for an effective length of 112, but the attacker has to do 3 crypto operations, so an attack becomes expensive. Imagine the keyscape of 3pgp (yes I know pgp is a program and not the algorithm used for crypto, but you get the idea ;). 99 times out of 100 with modern crypto it's weak passphase/mistake in key recovery/creation/etc that does it in, the math is rarely wrong, unless it's a closed system or amateur system (something to be learned from that I think).
Cheers Tobias
-Kurt