Hi Alex,

I read your article in the latest edition of CoDE and ejyoyed it immensely. Great background information, etc.

I have a few questions I thought I'd toss at you to see if you have any ideas or suggestions and perhsps give you at least one person's thinking about using the CryptoAPI. Maybe some issues to address ina future article?

1) Is the API always available on W98+ operating systems or should one include it in an installation routine just to make sure?

2) Is there a known multiplication factor for size-of-string changes when a string is encrypted. When I've fooled with the API is takes a string like "password" and returns a string several times larger. Is there a way to know how large a returned string is going to be or would one be wise to store all encrypted information in memo fields?

3) Is is possible with the CryptoAPI to create a hash? That is, create some encrypted info that's not able to be unencrypted but can be verified? Maybe I don't have my terms well defined but I seem to remember that when something is hashed it is forward encrypted but cannot be backwards unencrypted but you can still forward encrypt the password and then compare?

4) What about the passing of keys around? I have often thought that a dual system of public/private kesy would be the best. That way the local, secondary public key can change at random times to increase the difficulty in spoofing a system. I don't know if this makes sense but the idea is to encrypt the key with a key, then change the key....

Thanks!!