Why not offer the user 2 choices to recover a lost password and let them decide how much effort they should use to protect their gold. 1) Default - just email password back in plain text. 2) Or, if they have previously submitted a PGP key, send the password in encrypted email. Jeff --- You are currently subscribed to e-gold-list as: archive@jab.org To unsubscribe send a blank email to [EMAIL PROTECTED] Did you know that e-gold Ltd. stores more gold on behalf of customers than many countries? See http://www.gold.org/Gra/Gra1.htm and the e-gold Examiner at http://www.e-gold.com/examiner.html for details.