On 20 Jun 96 at 10:29, Adam Shostack wrote in cypherpunks@toad.com:

Not to defend the safemail folks, but this does remind me of something that NeXT did with Eliptic curve based systems; there was no storage of the private key, it was generated from the passphrase at run time. It was a side discussion, maybe with Andrew Lorenstien? Andrew?

Daniel R. Oelke wrote:

The HKS archives are still down, but a while back on the coderpunks list was an interestng idea about hashing a passphrase to seed a crypto PRNG and used the first good set of primes etc. for a secret and private key pair. Only the private key is saved in such a case. Rob --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto) AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com> Send a message with the subject "send pgp-key" for a copy of my key.