Subject: Re: 1024 bit key considered insecure (sshd)
To: Perry E. Metzger <perry@piermont.com>
From: Mike Hoskins <mike@adept.org>
List: tech-security
Date: 09/03/2002 14:50:23
On 30 Aug 2002, Perry E. Metzger wrote:
> Michael W Mitton <mmitton@hmcon.com> writes:
> > My data may not be worth a billion dollars, but I can be fairly certain
> > that I am part of a group ( a rather _large_ group ) whose combined
> > information is worth that.

If you're not paranoid enough to have already upgraded to larger keys (and
dealt with the specific challenges that may present for your
organization), then you likely do not need larger keys.

As for the organizations that can afford to spend billions of dollars to
crack our keys (although they'd likely spend much less, since they'd
fabricate their own systems), the present paranoia warranting disdain over
1024 bit keys must also point to the possibility that they've been able to
crack our keys long before now.

Weigh the value of your organization's core assets, and take appropriate
action.  Nothing has really changed simply because an email was sent to
Bugtraq.  The same risks present today were in some way present last year,
or as far back as your paranoia dictates.

I'm not sure who cross-posted to so many lists.  My apologies if this
isn't appropriate to any included targets.  I intend this message for
freebsd-security, but do not like to delete/alter To/CC lists in threads I
did not start.

Later,
-Mike