A quick question for all you security-savvy people. Our IT instructor has asked the class to sign up for verisigns' 60-day trial of a class 1 digital id. pfaugh. give me a copy of PGP anyday! at least I can (easily) take my keys with me! I also understand that a well (poorly?) written activeX applet can grab my key basically without my knowledge (to speak nothing of the other myriad holes in win98/95) My question is, where the hell is the private key kept on the users box? How is it protected against attack? I had to voice my displeasure with the instructor that I could not take the ID with me on a floppy so that the night class would not have potential access, but got the usual 'it is secure enough, let it be' attitude. Thanks in advance for any information! ----------------------------------------------------------------------- james 'keith' thomson <jkthomson@bigfoot.com> www.bigfoot.com/~ceildh jkthomson:C181 991A 405C EAFB 2C46 79B5 B1DC DB78 8196 122D [06.07.98] ceildh :1D79 59AF ED75 5945 6003 8240 DA34 ACCA 9DE4 6BC9 [05.14.98] ICQ:354111 <keys> at pgp.mit.edu ...and former sysop of tnbnog BBS ----------------------------------------------------------------------- "You shouldn't overestimate the IQ of crooks." - Stuart Baker, of NSA explaining why crooks and terrorists who are smart enough to use data encryption would be stupid enough to choose DES =======================================================================