Mike Ingle had some good thoughts: Since the Canadian case, there's been a lot of talk about the problem of being coerced to reveal your key. If the coercers play by no rules whatsoever, there isn't much you can do. If they suspect you of having encrypted data, they will beat it out of you. ... Hypnosis might offer a defense here. A post-hypnotic suggestion could make it impossible for you to remember the passphrase in a coercive situation. Even better, you would remember -very clearly- an -incorrect- passphrase unrelated to the correct one. The more stressful the situation, the more you could think of -nothing else.- You could then put on a convincing performance that you are baffled why the passphrase you are "sure" is the right one doesn't work any more. Steganography can hide your data, but then you have the steg program itself. If they find the program, they have reasonable grounds for assuming you have hidden data, ... Then better hide the steg program. A good design would be like LZEXE, that would attach itself to any program, and would just pass through any command line except a pass phrase. It would require highly skilled analysis to detect the steg program hidden in, say, your GIF viewer or WAV player. This takes nothing away from Mike's suggestion of having different passphrases access different data. -- edgar@spectrx.saigon.com (Edgar W. Swank) SPECTROX SYSTEMS +1.408.252.1005 Cupertino, Ca