Asymmetric Key sizes

[Denis.Russell@ncl.ac.uk]

At 10:01 -0800 10/2/99, Paul Leyland wrote:
>...
>It has been possible to break 512 bit keys for several years....
>...  As for 768-bit keys, they would appear to be resistant to any
>reasonable attack with any reasonable amount of hardware.
...

I didn't get a clear feeling for what the prudent target should be. Paul
says (above) that 768-bit keys should be OK now against "reasonable"
attack. Does this mean the worst realistic case that we can think of for
the present, and into the "foreseeable" future - a few years? How much more
prudent would 1024 bits be? What about putting things the other way round?
What's the problem with everyone going for 2048 now and (presumably)
putting things so far out of reach that attackers just give up?

	Denis.