We've been discussing the security problems with leaving your PGP key around on anonymous remailers. Mixmaster and the ghio2 remailers have the key compiled in, but at least for ghio2 the string is sitting there unencrypted and unmasked in the binary, where somebody who can access the binary can run "strings" to steal it, without even the bother of decompiling :-)

The primary alternative is to start up the remailer with the PGP passphrase in its environment, but doing that has its problems - the ghio2 remailer is made to run as a batch process called for each message, rather than a permanent listener, and if you did something like put the key into the sendmail daemon's environment, it'd probably be even easier to steal (e.g. anybody on the machine could do it by setting up their own mail processor). A minor hack that I do with my remailer is to keep two versions of the source - a vanilla one for distribution, and one with all my customized information that I actually compile and run.

So how can you keep a persistent process that isn't part of the mail empire? One approach is to have a remailer daemon using sockets or named pipes that does the decryption and feeds mail to a remailer process (which _it_ calls) for delivery, or has its own builtin remailing - you'd input the key to the daemon when you start it up, and wouldn't need to leave it in a file or environment, just in the executing process itself. Probably an hour's hack using PGP 3.0, or you can grind up the current I/O routines for PGP 2.6.2 and ignore the fact that you void your RSAREF license that way. You'd have to get rid of some of the code that overwrites the passphrase and other sensitive data, though.

Another approach is to have a separate box that's not on the network that the remailer runs on (obviously this is easier on a machine you've got at home or work rather than at an ISP...). You can take that old 8086 or 386, run a daemon to accept files on the serial port and return them to the mail system on the serial port. Uucp is probably secure enough. (Does PGP run on Minix, or on any of the old Xenix or Venix operating systems? It's probably easier to build workable communications daemons on one of them than on DOS, though there are DOS uucp and kermits that you could hack up. For a 386, Linux is the obvious choice.) Since the entire remailer would be running on the box, and you don't permit logins from the serial port, it's probably pretty secure, even against someone with root on the network-connected machine, assuming all your traffic is encrypted.
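The "strings" point in the post, as an added example (mine, not code from the post or from the ghio2/Mixmaster sources): a minimal reimplementation of strings(1) run over a constructed stand-in for a compiled remailer. The filler bytes, the "Anon-To:" and sendmail literals, the passphrase and the 0x5A XOR mask are all made up for the demo; the point is that a plain literal falls straight out, and that a "masked" literal merely turns into a different printable run that anyone reading the unmask routine can undo.

```python
import random
import string

# Printable ASCII as strings(1) sees it: graphic characters plus space.
PRINTABLE = set(string.printable.encode()) - set(b"\t\n\r\x0b\x0c")


def extract_strings(blob, min_len=4):
    """Minimal strings(1): every run of >= min_len printable bytes, in file order."""
    found, run = [], bytearray()
    for b in blob:
        if b in PRINTABLE:
            run.append(b)
            continue
        if len(run) >= min_len:
            found.append(run.decode("ascii"))
        run = bytearray()
    if len(run) >= min_len:
        found.append(run.decode("ascii"))
    return found


def xor_mask(data, key=0x5A):
    """The kind of single-byte XOR a binary might use to 'hide' a literal.
    Symmetric: the same call masks and unmasks. Hypothetical, for the demo."""
    return bytes(b ^ key for b in data)


def build_fake_binary(passphrase, masked=False):
    """Constructed stand-in for a compiled remailer: non-printable filler in
    place of machine code, two ordinary C string literals, and the passphrase
    either as a plain literal or XOR-masked."""
    rng = random.Random(7)                       # deterministic filler
    filler = lambda n: bytes(0x80 | rng.getrandbits(7) for _ in range(n))
    secret = passphrase.encode()
    if masked:
        secret = xor_mask(secret)
    return (b"\x7fELF" + filler(40)
            + b"Anon-To:\0" + filler(24)
            + secret + b"\0" + filler(24)
            + b"/usr/lib/sendmail\0" + filler(16))


if __name__ == "__main__":
    pw = "correct horse battery"
    print("plain :", extract_strings(build_fake_binary(pw)))
    masked = extract_strings(build_fake_binary(pw, masked=True))
    print("masked:", masked)
    print("unmasked candidate:", xor_mask(masked[1].encode()))
```

Masking only defeats a literal grep for the passphrase; the masked run is still the second string in the file, sitting between the same two literals, and one XOR recovers it. Keeping the key out of the on-disk image altogether is the only fix, which is what the daemon idea in the post is for.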
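The socket-daemon design from the post, as an added example (my own sketch, not code from the post, from ghio2 or from PGP): the passphrase is typed in at startup and lives only in the daemon's memory; per-message remailer processes hand it ciphertext over a Unix-domain socket and get plaintext back. The socket path, the toy XOR/HMAC cipher used so the demo runs offline, the demo passphrase and message are all assumptions. The gpg path feeds the passphrase over a pipe with GnuPG's `--passphrase-fd` (PGP 2.6.x has the equivalent `PGPPASSFD` variable) so it never lands in argv, a file or the environment; that branch needs a real key and is not run by the offline demo.

```python
import getpass
import hashlib
import hmac
import os
import resource
import socket
import subprocess
import tempfile
import threading


def harden_process():
    """No core dumps (a core would contain the key); new files/sockets 0600."""
    resource.setrlimit(resource.RLIMIT_CORE, (0, 0))
    os.umask(0o077)


def gpg_decrypt_with(passphrase):
    """decrypt(ciphertext) that passes the passphrase to gpg over a private pipe.
    Assumes gpg in PATH and a secret key in the daemon's keyring; not run offline."""
    def decrypt(ciphertext):
        r, w = os.pipe()
        proc = subprocess.Popen(
            ["gpg", "--batch", "--quiet", "--pinentry-mode", "loopback",
             "--passphrase-fd", str(r), "--decrypt"],
            stdin=subprocess.PIPE, stdout=subprocess.PIPE,
            stderr=subprocess.PIPE, pass_fds=(r,))
        os.close(r)                                # child keeps its copy
        os.write(w, passphrase + b"\n")
        os.close(w)
        out, err = proc.communicate(ciphertext)
        if proc.returncode != 0:
            raise RuntimeError(err.decode(errors="replace"))
        return out
    return decrypt


def toy_xor_cipher(key, data):
    """Stand-in cipher so the demo runs offline: XOR with an HMAC-SHA256
    keystream, symmetric so one call encrypts and decrypts. Demo only."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], ks))
    return bytes(out)


def _read_to_eof(sock):
    chunks = []
    while True:
        data = sock.recv(65536)
        if not data:
            return b"".join(chunks)
        chunks.append(data)


class DecryptDaemon:
    """Keeps the key only in this process; serves decryption on a Unix socket
    whose node is created 0700, so only our own uid can connect."""

    def __init__(self, sock_path, decrypt):
        self.sock_path, self._decrypt, self._sock = sock_path, decrypt, None

    def start(self):
        if os.path.exists(self.sock_path):
            os.unlink(self.sock_path)
        old = os.umask(0o077)
        try:
            self._sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
            self._sock.bind(self.sock_path)
        finally:
            os.umask(old)
        self._sock.listen(8)
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while True:
            try:
                conn, _ = self._sock.accept()
            except OSError:                        # closed by stop()
                return
            threading.Thread(target=self._handle, args=(conn,), daemon=True).start()

    def _handle(self, conn):
        with conn:
            try:
                conn.sendall(self._decrypt(_read_to_eof(conn)))
            except Exception:
                pass                               # on failure, reply nothing

    def stop(self):
        self._sock.close()
        if os.path.exists(self.sock_path):
            os.unlink(self.sock_path)


def request_decrypt(sock_path, ciphertext):
    """What the per-message remailer process spawned by sendmail would call."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(sock_path)
        s.sendall(ciphertext)
        s.shutdown(socket.SHUT_WR)                 # EOF ends the request
        return _read_to_eof(s)


def demo_roundtrip(message, passphrase=b"constructed demo passphrase"):
    """Start a daemon on the toy cipher, encrypt, decrypt via the socket."""
    key = hashlib.sha256(passphrase).digest()
    sock_path = os.path.join(tempfile.mkdtemp(), "remailer.sock")
    daemon = DecryptDaemon(sock_path, lambda ct: toy_xor_cipher(key, ct))
    daemon.start()
    try:
        return request_decrypt(sock_path, toy_xor_cipher(key, message))
    finally:
        daemon.stop()


if __name__ == "__main__":
    harden_process()
    pw = getpass.getpass("Remailer key passphrase: ").encode()   # memory only
    DecryptDaemon("/var/run/remailer/decrypt.sock", gpg_decrypt_with(pw)).start()
    threading.Event().wait()                       # serve until killed
```

This removes the key from disk and from every environment block, which is the post's point, but it does not protect against root on the same host: root can ptrace the daemon or read its memory, and a core dump would carry the key if RLIMIT_CORE were not zeroed. That residual risk is exactly what the post's separate-box-on-a-serial-line option addresses.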