I've been reading the mish-mash of replies from "IPG Sales" and have been trying to figure out exactly what it is they think they're doing. Aside from the crap about not revealing details due to patent-pending issues, but claiming it's the same as a process that's been in use since 1966 (clue: prior art == no patent) and an unwillingness to provide any names or references for all this apart from mentioning Ms. Denning and Leyland's web page, I think I've got something pieced together. Perhaps IPG Sales will be happy to tell me if I've got it right or not: Step 1. 100 friends and I pay IPG $$$. Step 2. IPG starts up a hardware-based random number generator, and spits out 5066-bit chunks of random data to be used as OTPs. Since each pair of friends needs unique data (wouldn't want them easedropping on our gossip about them), IPG will generate a large number of said chunks. The magic box remembers every chunk it's ever spewed and never, ever repeats itself. Step 3. IPG's Kwality Kontrol Dept. will run a bunch of statistical tests on the chunks (did I see the standard entropy calculation in the list?) to make sure they look truly random. Chunks failing the tests get tossed. Step 4. IPG takes the surviving chunks and runs them through a "prime number cycle wheel" which is some kind of rotor system, with something like 64 rotors, or perhaps 64 passes through an n-rotor system. It produces primes, or works with primes, or somehow large random primes (can a prime truly be called "random) either come in, go out, or both. Primes are involved here somehow. In any case, whatever comes out is part of 10^1690 (or from a previous message, 10^2330) possible results. Why this matters I do not know. Step 5. The results are somehow variable in length (?) or in some way eliminates the need for a OTP to be at least as large as the message to be encoded. This has been claimed several times. So somehow the original OTP chunk produces new pads of potentially infinite length? Step 6. IPG mails out a lot of floppies to me and my 100 friends containing lots of these resultant things (which still sound like OTPs.) I assume US Mail is completely trusted, data is never corrupted, disks are never lost or stolen, etc. Step 7. These results act as OTPs (aka Nvelopes) that are used to encode the message. My buddies use the matching chunks to decode the messages (aka Nvelopeners.) The software system does all the work, and I don't have to do anything (much like public-key systems today.) Err... okay, maybe I don't have this figured out. Still sounds like OTPs, and someone selling random data at $15 a pop per month. Having multiple floppies mailed to me monthly, with all the inherent difficulties, sounds like a lot more work than public-key management. My bozometer is pegged. Looking forward to having my oversights corrected, Wink -- winkjr@teleport.com "We offer freedom to the masses. It's a tough fight -- I'll grant you that -- but we're brave. We're well financed. We believe that God is on our side." -- Netscape CEO James Barksdale