I suppose this is really addressed at Perry: Why was (single) DES chosen as the algorithm for the ESP part of IPSEC? If someone's IP traffic is being monitored and collected offline by some agency then they're going to get about a couple of hours of security while the special purpose key search hardware kicks into action. I know other algorithms can optionally be used, but surely it would have been better to have a second, stronger algorithm specified mandatory as well. - Andy +-------------------------------------------------------------------------+ | Andrew Brown Internet <asb@nexor.co.uk> Telephone +44 115 952 0585 | | PGP (2048/9611055D): 69 AA EF 72 80 7A 63 3A C0 1F 9F 66 64 02 4C 88 | +-------------------------------------------------------------------------+