> Your second statement (...but it's probably [ GodAwfulMany to 1 ] ...) seems
> to be based on nothing but pessimism.

Not really. The birthday attack works because you aren't picking a single common "birthday" in advance. You are looking at the entire population of key, cleartext pairs. If you pick a new second random starting point for this attack, the probability of a match is still just as good as with the original second random key. Since there are 2^56 random starting points and each of those trials will generate (one hopes ...) 2^32 unique keys in the hash table, we can repeat this experiment 2^24 times, with each of those 2^24 times having the same high probability of success.

--
John F. Haugh II [ NRA-ILA ] [ Kill Barney ] !'s: ...!cs.utexas.edu!rpp386!jfh
Ma Bell: (512) 251-2151 [GOP][DoF #17][PADI][ENTJ] @'s: jfh@rpp386.cactus.org