Congratulations and good luck. I have a Mac and will not be buying you PC version. I might well buy a Mac version especially at the $99 introductory price. I hope you send me e-mail when you have a Mac version. I am impressed with PGP and would be willing to pay for a "legal" version. I have no important secrets but may still buy the program as a matter of principle. I have a couple of (free) ideas you may be interested in. (Consider this a customer request if there are any lawyers about.) As I understand PGP, it generates random numbers by timing keystrokes for at least two purposes, first to avoid known plain text and second to choose large primes for the RSA key. If there were an option to generate those random numbers by a published mapping from input text then the following benefits would accrue: The paranoid could compare the output of your program with others written to the same spec to gain assurance that programs operated to spec. This is especially critical in key generation. I would propose that the spec would be to choose the prime from among an arithmetic sequence A+Bn where A and B are derived from the input text. The paranoid would know that the cipher text contained no covert or subliminal information. Both of these benefits would accrue without having to read the code for either of the systems compared. It would need to assume no collusion to achieve this assurance. Some paranoids would see the threat of exposure as sufficientreason to trust the program. Another advantage is that I could run your PC version on my Mac using SoftPC. I understand that PGP does not get random keystroke timing under SoftPC. Yet another advantage would be to those who wish to keep their private key in their head. This would require remembering and correctly typing about 1000 characters at each computer sesion. An optional text checksum would thus be strategic and not compromise security. I understand that the quality of keyed data may be poor. Shannon estimated that such data could provide about one bit of information per character. It might be difficult to provide a sufficient warning to users unfamilliar with information theory on the dangers of known or guessed sayings as input text. Unlike some cryptographic applications weekness in the random numbers does not induce sudeen failure. The effort in breaking a public key declines slowly with declining quality in the random numbers. Keystroke timing may well be the best default however.