Re Pete's proposal for an on-net random source which could be accessible to users who would then use a psuedo-random process to select which bits to use in compiling cypher keys: What you'll get will be superencipherment, which is no more secure than the links in the chain. The random stream would be non-secure; and so we're left with the security of the psuedo-random selection process. To analogise somewhat, white noise put through a filter has the characteristics of the filter. Try it with FM static and a graphic equaliser. Now to play devil's advocate here, I wonder if a less-than-perfect physical random source would be acceptable, since the potential domain of decryptions would be large enough that unicity in cryptanalysis would in practice be unattainable. What do you think...?