Nick's story of the FBI agent telling him about having the NSA crack DES files found on a PC in a drug case could of course be the agent pulling his leg, but it could perfectly well be true. After all, brute-force may not work well for searching 2**56 randomly-generated session keys, but it's just fine for searching a million or so easy-to-remember short stupid keys from dictionaries and such. It's even faster if you augment your dictionary with the filenames on the machine, first names of stupid people and the victim's friends, family, customers, etc. If Crack can do a good job finding root passwords for computer-literate sysadmins, it ought to be pretty good at finding passwords for semi-literate folks as well.

Bill
# Bill Stewart wcs@anchor.ho.att.com +1-908-949-0705 Fax-4876
# AT&T Bell Labs, Room 4M-312, Crawfords Corner Rd, Holmdel, NJ 07733-3030