Kent writes: | One-time key, how to distribute to both participants: don't. Let each | pick a random key and sent it to the other using the other's public | key--no need to use the same key in both directions, in fact seems a | bad idea. Sending your otp by RSA reduces the security of your OTP to that of RSA, since if your RSA key can be broken, the otp can be obtained. Since the problem is barely more difficult than factoring your rsa key (or craking the one time idea password in use), there is no security gain to the otp. otp's require that they be securely distributed. Usually, this means a courier with a briefcase full of cd-roms handcuffed to his wrist, or some other similarly paranoid means. Adam -- Adam Shostack adam@bwh.harvard.edu Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker.