Thanks to Marc Samma and Perry E. Metzger for the information they forwarded to me. Basically, it is not much of an issue. The size of the key broken (430 bits) is much smaller than your standard military-grade keysize in PGP (1024 bits). The math done on the RSA-129 message was very advanced; yet it took over 5000 mips-years to do the sieve function alone. A Gaussian elimination on the final matrix took 45 hours on a 16k MasPar MP-1. The sieving was done by 600 volunteers; no one individual or company (note I did not say agency) would be able to commit so many resources to one project. A cursory look at a public keyring I have shows that almost all of the people I know using PGP use 1024 bit keys, with only a few using 512 bit keys, and one using 384 bits (smaller than RSA-129). The strength in a 1024-bit key lies in the fact that it becomes exponentially harder to factor with size - doubling does not just double the time it would take to factor; it increases it by a huge number (hey, I dropped Calc 3...) That's my summary. :) If you reply, please don't reply to the whole list, just to me. This list isn't for crypto discussions. cc