Cypherpunks: The evolution of the discussion here regarding passwords or passphrases is a telling indicator, and one which people here should think about, because you are reinventing the NSA. You start with a desire for privacy/secrecy, and so you create a package as a functional cryptosystem. The requirements of the cryptosystem, however, makes memorization of the cryptographic key non-trivial (and nobody here suggests offline storage, as the NSA primarily uses); this causes you to use an access control mechanism that protects the key on a local basis. This then makes you think about armoured operating systems, physical security of the site, biometric security, signals emission, coersion methods, etc. It is a capsule history of the enemy, and I hope it helps you understand what created them; the major difference was that they had an available budget and potent adversaries. Imagine the cypherpunks sitting around and attacking their own system and others (Clipper, for instance), getting paid to write code, build hardware, whatever necessary to attack/defend, and with operational support and infrastructure. Quite educational, isn't it? Another brief observation you might want to think about in regards to the implications; the data in the public domain for cryptanalysis tends to be based primarily in the English language (frequency tables, dictionary attacks, etc.). Isn't it striking that so little of similar data has leaked out for what one can assume were the real targets--Russian, Arabic, German, etc.? Seems to be quite an effort to attack English-based systems. There also seems to be an unusual silence on what one would consider to be important cryptanalysis data--if you were NSA, wouldn't you be certain to suppress data that helped your adversary? Just food for thought. Is this a true emphasis or a Potemkin village? One benefit of being multilingual; all access codes that I need to remember are obscure phrases in little known dialects. I imagine they would look like gibberish to the uninitiated. Michael Wilson Managing Director, The Nemesis Group [I hope that the record of purchases made through the Maryland Procurement group are making their way from systems such as Mead Data and into private systems for analysis; warning, access of such data is expensive.]