ben@Tux.Music.ASU.Edu and joshua@cae.retix.com both suggest ways to choose passwords/phrases--things no normal person will do. What do we do about a population which thinks a 4-digit PIN is secure? If people use their current ATM PINs--and a lot of computer users *do* when they are allowed--there will be problems: if we want privacy we had better figure out how to give everyone privacy. Part of my original post was cribbing from a paper I once read on the security of crypt on Unix machines. It talked of multiple applications of crypt to slow down brute-force password cracking. Should things like PGP use this technique in protecting the secret key? Does a million encryptions equal 10-bits added to the key? (Assuming the million encryptions cannot be composed into a single equivalent encryption.) -kb -- Kent Borg +1 (617) 776-6899 kentborg@world.std.com kentborg@aol.com Proud to claim 31:15 hours of TV viewing so far in 1994!