RE: Don't type your yes/fraud response into your computer

At base, the moral to the story is that a compromised user machine permits essentially any and all activities to be suborned. Only a smart card mechanism stands a chance of standing up to this, but that, in effect, makes the smart card the 'user machine'.
True and has been one reason the smartcards/tokens/etc have been available for years. The other side of the coin is expense - for a smart card and reader you are looking at over $100. For a token alone (you enter the one-time response) $30-$60. In a mass-market environment, this is not supportable.

OTOH, keyboard sniffing software is easy to detect because it must go resident and it must intercept the keystrokes. The fact that no software has bothered to do this does not mean that it cannot be done. The easiest way for such software to act would be to ignore the machine software and when sensitive material is to be passed, to do so via direct port (hardware) access - been a while since I looked at it but AFAIR is around port 60h. (PC type machines) This would take care of anything sitting on Int 09 or Int 16 since it would be bypassed.

Often a problem that looks difficult when viewed as a whole becomes simple once you disassemble it. Rather than try to find a workaround for a machine you do not trust, why not develop a means to trust it? Can do with software alone and that is cheap.

Warmly,

Padgett

ps Dave, what is this thingie on the 21st? May be in the area (opportunity for plug here 8*).

pps Before y'all get too wrapped up in free-speech vs libel in the US I would suggest studying the difference between criminal law and civil.
A. Padgett Peterson, P.E. Information Security
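The detection the post says is easy, as an added example that is not from the thread or its author: a C check that compares the Int 09h and Int 16h entries of a real-mode interrupt vector table snapshot against a baseline taken while the machine was trusted, and reports any handler that has moved out of the ROM BIOS into resident memory. The IVT snapshots and the 9F00:xxxx TSR addresses are constructed here; reading the live table at 0000:0000 (or touching port 60h) is assumed to happen elsewhere and is not part of this code.

```c
#include <stdint.h>
#include <stdio.h>
/* Real-mode IVT entry at linear 0x0000: offset word first, then segment word. */
typedef struct { uint16_t off; uint16_t seg; } ivt_entry;

/* Keyboard-path vectors named in the post: Int 09h (IRQ1 handler) and
 * Int 16h (BIOS keyboard services). */
static const int keyboard_vectors[] = { 0x09, 0x16 };
#define N_KBD (int)(sizeof keyboard_vectors / sizeof keyboard_vectors[0])

static uint32_t linear(ivt_entry e) { return ((uint32_t)e.seg << 4) + e.off; }

/* ROM BIOS occupies F000:0000-F000:FFFF. A keyboard handler outside it is
 * resident software: maybe a legitimate keyboard driver, maybe a sniffer. */
static int in_rom_bios(ivt_entry e) { return linear(e) >= 0xF0000u && linear(e) <= 0xFFFFFu; }

/* Compare the keyboard vectors of a current IVT snapshot against a baseline
 * taken while the machine was trusted. Returns how many changed and writes
 * their vector numbers to 'changed' (N_KBD slots). A vector that moved out
 * of ROM BIOS is the footprint of a TSR sitting in the keystroke path. */
int hooked_keyboard_vectors(const ivt_entry baseline[256],
                            const ivt_entry current[256], int changed[]) {
    int n = 0;
    for (int i = 0; i < N_KBD; i++) {
        int v = keyboard_vectors[i];
        if (linear(baseline[v]) == linear(current[v])) continue;
        changed[n++] = v;
        if (!in_rom_bios(current[v]))
            printf("Int %02Xh now at %04X:%04X (resident code)\n",
                   v, current[v].seg, current[v].off);
    }
    return n;
}

/* Constructed baseline: every vector points into ROM BIOS. */
void make_clean_ivt(ivt_entry ivt[256]) {
    for (int v = 0; v < 256; v++) { ivt[v].seg = 0xF000; ivt[v].off = (uint16_t)(0x1000 + 16 * v); }
}

/* Scenario helper: hook Int 09h and/or Int 16h to a constructed TSR at
 * 9F00:xxxx (top of conventional memory) and return the detection count. */
int simulate(int hook_09, int hook_16) {
    ivt_entry base[256], cur[256]; int changed[N_KBD];
    make_clean_ivt(base); make_clean_ivt(cur);
    if (hook_09) { cur[0x09].seg = 0x9F00; cur[0x09].off = 0x0010; }
    if (hook_16) { cur[0x16].seg = 0x9F00; cur[0x16].off = 0x0040; }
    return hooked_keyboard_vectors(base, cur, changed);
}
int main(void) { printf("%d hooked vector(s)\n", simulate(1, 0)); return 0; }
```

A legitimate keyboard driver will also show up as a changed vector, so the baseline must be taken after such drivers are loaded; the check only tells you that something new is in the path, not what it is.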