Timothy C. May (tcmay@netcom.com) did write: : Not that had Mr. De Payne been using PGP on Netcom, with his secret : key stored there, the cops would have it. (The passphrase maybe not, : depending on whether he stored _that_ there, too. And whether Netcom : had logs of keystrokes entered, which strikes me as something they : would probably have--we really need a "zero knowledge" kind of : "reach-back" for remotely-run PGP.) Would a "challange response" type of verification do the "trick", ie is it secure enough for passphrase monitering ? : I just don't think the dangers are worth it. All the theoretical hot : air about whether kestroke timings are "random enough" is moot if : Netcom is turning over records to investigators. : --Tim May -- ____ Alex de Joode <usura@xs4all.nl> \ /__ =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- \/ / "It's dangerous to be right when the government is wrong." \/ --Voltaire --finger usura@xs4all.nl for PGPpublicKEY--