I spoke to Bruce today about what key length to use. I asked him because a
few months ago we had a casual conversation and he said he was more
confident of Twofish at 128 bits than 256 bits. I brought it up again,
mentioning we're discussing putting it in OpenPGP (and he is delighted
about that).
Anyway, he first said to do it at 128 bits and then said, "Wait a minute --
it doesn't cost you anything to go to the full 256?" and I said it didn't.
"Then do 256" he replied.
I discussed our previous conversation, and he said that his doubt is merely
that he is not convinced that the 256-bit keys are fully exponentially
stronger than 128. I think this is reasonable, and have the same doubts
myself about all the present generation 256 bit cyphers. So no biggie, really.
Does anyone *not* want to do 256? Send me private mail if you don't want to
be seen as a party-pooper, but have concerns. I launder information real well.
Jon
-----
Jon Callas jon(_at_)pgp(_dot_)com
CTO, Total Network Security 3965 Freedom Circle
Network Associates, Inc. Santa Clara, CA 95054
(408) 346-5860
Fingerprints: D1EC 3C51 FCB1 67F8 4345 4A04 7DF9 C2E6 F129 27A9 (DSS)
665B 797F 37D1 C240 53AC 6D87 3A60 4628 (RSA)