Developers using the current version of PGPtools should becareful to add keyspace FIFO and passphrase "burns" to their applications to insure that security critical information is NOT left carelessly in memory... while PGP 2.3A is VERY scrupulous, PGPTools package does NOT have sufficient internal checks and "burns" at present...this is left to the developer at pressent... I also noted a fifo_unlink routine where a burn should be performed prior to the unlink from the FIFO queue... Anon