writes uri@watson.ibm.com: ---- Yes, a very valid point. But it seems to me, that Random Data claim is the best, with the highest chances to keep one out of trouble (if anything can :-). The algorithm? Oh, sorry, but it's a HARDWARE random data generator! And if it's truly good random gen, there are no patterns to track... One can use it to create huge one-time pads, BTW... "Salt" some of the encrypted (or plaintext :-) messages with those... ---- Yes? Hardware? Well, then, where is the piece of hardware you used, then? It seems this falls to the Big Brother 'where is the algorithm' test even harder, as it is a physical piece of equipment. It seems to me that if I were an agent and I were looking for transmissions from an individual and I saw him sending out 10 copies of the `Rocky & Bullwinkle Show' intro per week, I'd look into those, even though they seem normal enough. When I checksummed them and they didn't match, I'd be more than suspicious: I'd start stripping the lower bits off. If I knew that the suspect used PGP and RIPEM, I'd most certainly try and push the output through them, if they weren't plainly recognizable. Seems to me that the best thing to hide pgp in would be a low-quality host-medium (lots of noise!) that changes frequently, so the checksumming cannot occur against the same message. The low quality could also be attained by pushing more of your message into the host; maybe alternating between the 8th bit and another bit. In any case, I don't think that the host should be a stable one (frequently used) or one that can be easily compared to the original. Matt Matt Thomlinson University of Washington, Seattle, Washington. Internet: phantom@u.washington.edu phone: (206) 528-5732 PGP 2.2 key available via email or finger phantom@hardy.u.washington.edu