Say that we wanted to use 80 bit RC4 for our crypto application, but we were only allowed to use 64 bit crypto because we lived in some police state that enforced its wishes. Couldn't we modify RC4 easily to provide the same security against brute-force attacks by just running the key-setup phase 65536 times instead of just once? That would slow down the key-setup (on my machine) from 50,000 per second to just over 1 second, but so what? It takes ATT more than 1 second to set up a long distance call, I can wait another second to start the conversation.

If our breaking of 40 bit RC4 was a one, then this 64 bit RC4-modified would be a 109,951,162,776, well beyond possibilities that I can imagine. You might say that you could save all 2^64 key tables, but that is a huge amount of data, millions of terabyte-capacity tapes.

In the GAK proceedings, I have never heard of any limitation on the algorithm, just that it be public and 64 bits or less. And, of course, have GAK.

Of course, it wouldn't surprise me for this kind of technical fix to be immediately outlawed by the aforementioned police state.

thad
--
Thaddeus Beier          email: thad@hammerhead.com
Technology Development  vox: (408) 286-3376
Hammerhead Productions  fax: (408) 292-8624
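The iterated key setup the post proposes, as an added example that is not part of the original message: plain RC4 with the key-scheduling loop repeated `rounds` times over the same state (carrying S and j across rounds is my reading of "running the key-setup phase 65536 times"; the function names are mine), plus the work-factor arithmetic behind the 64-bit-to-80-bit claim.

```python
import math


def rc4_ksa(key: bytes, rounds: int = 1) -> list[int]:
    """RC4 key scheduling with the 256-step scrambling loop repeated
    `rounds` times over the SAME state (rounds=1 is plain RC4).
    Because S and j are carried over, round k depends on round k-1,
    so a brute-force attacker must pay for every round per guessed key."""
    if not key or rounds < 1:
        raise ValueError("key must be non-empty and rounds >= 1")
    s = list(range(256))
    j = 0
    for _ in range(rounds):
        for i in range(256):
            j = (j + s[i] + key[i % len(key)]) & 0xFF
            s[i], s[j] = s[j], s[i]
    return s


def rc4_prga(s: list[int], n: int) -> bytes:
    """Standard RC4 pseudo-random generation: n keystream bytes from state s."""
    s = s[:]  # work on a copy so the caller's state is not mutated
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def rc4_crypt(key: bytes, data: bytes, rounds: int = 1) -> bytes:
    """Encrypt or decrypt (XOR) data with RC4 whose KSA ran `rounds` times."""
    ks = rc4_prga(rc4_ksa(key, rounds), len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def effective_bits(key_bits: int, rounds: int) -> float:
    """Brute-force work expressed in key-equivalent bits: every guess costs
    `rounds` key setups, so the search looks log2(rounds) bits larger.
    This is work factor only; the key still has just `key_bits` of entropy."""
    return key_bits + math.log2(rounds)


if __name__ == "__main__":
    print(rc4_crypt(b"Key", b"Plaintext").hex())  # matches the published RC4 vector
    print(effective_bits(64, 65536))               # the post's 64-bit -> 80-bit claim
```

With rounds=1 the output matches the published RC4 test vectors; stretching raises only the per-guess cost, adds no key entropy, and leaves RC4's keystream biases untouched.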