this whole thread is really stupid. no matter how long you think
or anyone thinks it will take to crack some key, you still have to
consider that idea of that it will have to be worth their time. 
you're as safe as people dont care about your box. even if you had
a 128 bit key, think someone is actually going to spend time to 
crack your key so they can see your pr0n on your sparc 5? please...

it will have to be worth the time to the attacker to expend the 
effort on doing anything to you. who in their right mind would have
very valuable data, enough to be concerned about, on a box where you
are complaining about it taking too long to generate a key?? It 
seems best to have your most valuable data on boxes that would be
best suited for strong crypto, or at least enough to thwart people
that try. if you truely have data that you feel needs protected and
you dont think your current hardware and resources can provide what you
need, wouldnt it just be a must that you would have to aquire them?

i think leaving the way it is for now is fine, and if you feel that 
someone feels that they will try to crack your default key, then bump
it up. the fact is that most the world doesnt care about your computer
and will never try to crack anything of yours, except for kiddies here
and there looking for a bounce point, and i dont think they will even
try (there are just too many boxes out there that are easier). 

remember, that it has to be worth it to the attacker. now you just
need to ask yourself, "is my data valuable enough to warrant someone
attacking me and trying to spend alot of money, effort, and time into
getting it?". most likely no, but will it hurt bumping up your key size?
most likely no as well. 

-chris

ps -> can someone talk about trust issues next while we are at it? heh
      



Karsten W. Rohrbach writes:
 > Perry E. Metzger(perry@piermont.com)@2002.08.29 16:03:03 +0000:
 > [...]
 > > If you think that you have something new and exciting to tell me that
 > > I've never heard of before, check if it has been published in Crypto
 > > or Eurocrypt or something first. If you don't know enough to read
 > > those conference proceedings, you don't know enough to have an
 > > intelligent opinion on the cost of building a machine to run djb's NFS
 > > factoring ideas.
 > 
 > nice attitude. sounds a little bit like "640k is enough for everyone",
 > etc. understanding as much as to conceive a certain concept, or at least
 > to work out an "intelligent opinion" is based on thinking, cognitive
 > processes, not just being able to read and understand technoid gibberish.
 > 
 > 2002, not 1972. time to re-think certain concepts. together, not against
 > each other. ;-)
 > 
 > i clearly see your experience, your knowledge. you're in the business for
 > quite a while. clinging to your experience so tightly, evolving hardline
 > thinking, such as above, might prove to be an obstacle, though. new
 > inventions, technologies, just came into existence through people who
 > got their own ego out of the way, and did what they envisioned.
 > 
 > regards,
 > /k
 > 
 > 
 > --
 > > UNiX *IS* user friendly. It's just selective about who it's friends are.
 > WebMonster Community Project -- Reliable and quick since 1998 -- All on BSD
 > http://www.webmonster.de/ - ftp://ftp.webmonster.de/ -
 > http://www.rohrbach.de/
 > GnuPG:   0xDEC948A6 D/E BF11 83E8 84A1 F996 68B4  A113 B393 6BF4 DEC9 48A6
 > REVOKED: 0x2964BF46 D/E 42F9 9FFF 50D4 2F38 DBEE  DF22 3340 4F4E 2964 BF46
 > REVOKED: 0x4C44DA59 RSA F9 A0 DF 91 74 07 6A 1C  5F 0B E0 6B 4D CD 8C 44
 > My mail is GnuPG signed - Unsigned ones might be bogus -
 > http://www.gnupg.org/
 > Please do not remove my address from To: and Cc: fields in mailing lists. 10x
 > 
 > [demime 0.98d removed an attachment of type application/pgp-signature]