Since the Canadian case, there's been a lot of talk about the problem of being coerced to reveal your key. If the coercers play by no rules whatsoever, there isn't much you can do. If they suspect you of having encrypted data, they will beat it out of you. If they do play by some sort of rules, a technical solution might save you. Steganography can hide your data, but then you have the steg program itself. If they find the program, they have reasonable grounds for assuming you have hidden data, particularly if you have large quantities of the sort of data which can conceal files, such as sounds and graphics. So what you need is the ability to hide both the "real" secret data and some decoy data at the same time. This could be done using something like MD5 as a random number generator. Suppose in the near future you have some type of storage device which can hold a few gigabytes. You record some audio off the radio, deliberately choosing a noisy station, and store it on your drive. Now there is no digital master to compare it against, and the least significant few bits are pure noise. Now just take a passphrase, append a 32-bit counter, and start counting and taking MD5's. For each one, you get 16 bytes of pseudorandom data, which is reproducible only if you have the passphrase. Use each four bytes as a pointer into your sound file, storing one bit of the hidden data in the lsb of that location. This would be such a good transposition cipher that you might not even have to encrypt the hidden data first. You can use two pass- phrases to hide two different files in the same sound file. There is always the possibility of a collision - both passphrases write to the same bit - so you will need an error correction code. Now when they demand your passphrase, you give it to them. And they find something - bogus personal letters, financial records, some mildly indecent .GIF's, pirate software, anything that is worth hiding, but not prosecutable. Of course, there is another passphrase which unlocks the real data, but you don't tell them about that one, and they have no way to prove it exists. Unlike Secure Drive, this could not work in real time. You would need enough memory to dump the steg data into a RAM disk, work with it, and then re-write it into the hidden file. But it could be done, and if the courts rule that you have to hand over your keys or rot in jail until you do, it may be our only recourse. --- Mike There are no good governments. There are bad governments, and worse governments, and really horrible governments, but no good ones.