In message <Pine.BSO.4.61.0509152158060.29212@af.pbqrshfvbavf.pbz>, Ted Unangst
 writes:
>On Thu, 15 Sep 2005, Michael Richardson wrote:
>
>> John Gilmore suggested that 2048 is the wrong number. One should add
>> ~100 to that number.  
>> 
>> The concept being, if someone builds a machine that can crack 2048-bit
>> numbers, it won't be able to do 2049-ones. A machine that can do 2049
>> may well be able to 4096. So, you get the brute-force resistance of 4096
>> (in terms of $$$ to build) without the cost. 
>> 
>> This is not a technical argument -- it is an economic one.
>
>hopefully there is some sort of technical argument to support this 
>"factoring machines only come in powers of two" idea?  without any more 
>detail, it kinda sounds like "256 bit keys are twice as hard to crack as 
>128 bit keys".
>

I don't believe there is any such limit.  However, the cost of these 
machines is *highly* non-linear in the key size.  

		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb