Tim (yes, it was me--Kent Borg--you quoted the most recent time you said--roughly--that other people's security is not very important to you), there is a very good reason why you want *everyone* to have good security.

The fact that "everyone" will use up the snooping resources of the TLAs, leaving less for them to throw at you, is not the main point, for the TLAs might come up with clever secret approaches which allow their resources to do amazingly efficient things.

What you really want to know is what the state of the art is inside the NSA, what efficient things they can do. (You want to know the *whole* story behind the S-boxes, what Skipjack is, etc.) The best way to do this is to badly, I mean *BADLY*, tempt them to tip their hand.

If pedophiles (the canonical/mythical threat) are the threat they see, then put the best security we (on the outside) have in the hands of the world's pedophiles and watch the prosecutions. Either the TLAs tip their hands by cracking the 1998 version of PGP 5.0.2 with IDEA^3 or they don't. If they do, you know they cracked it. If they don't, you know one of two things:

1) They didn't crack it.

2) They did crack it *but* are too afraid to say they cracked it--which is nearly equal to not having cracked it. (Preventing them from acting on information is close to denying them the same information--the Coventry Legend and all.)

A wonderful way for us to drive cryptological research out into the light is to *tempt* them into showing their hands, and giving good security to *everybody* is the best way to do that.

Following this argument, preventing trivial "quick brown fox"-attacks is part of the job of giving good security to everyone, make them work at the interesting problems.

Conclusion: my recent "passwords are hard" tirade is not completely off-subject.

More general conclusion: user interface issues ("My Mom" et al) are very important.

Certainly, working on the gaping hole of Tempest attacks is very important (any ideas?), but don't forget that RF-snooping of moving notebooks requires risky ~field work~ and bad take-out food, something properly high-tech TLAs hate. Tempest attacks are only worthwhile against juicy targets, while some other attacks are useful in bulk. (For examples of how poor passwords are useful in bulk, read RISKS, use your imagination, and extrapolate to large populations.)

Tim, the best way for you to have good security is to put good security in the hands of the millions.

-kb, the Kent who can sometimes get personal and use first names

--
Kent Borg +1 (617) 776-6899
kentborg@world.std.com
kentborg@aol.com
Proud to claim 31:15 hours of TV viewing so far in 1994!