[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

No Subject



Subject: Any cypherpunks building encrypted phone?

>I am working on that exact problem. It is not really that trivial. The
>encryption has to handle a lot of data real time. I have a license
>agreement for IDEA and am working on RSA. I am thinking of using triple
>DES rather than IDEA because of the cost of the IDEA license.

	That seems reasonable to me.  While there is some controversy in the
community, I haven't heard anyone I respect say that 3DES is not
reasonably secure (i.e, comparable to IDEA).  But perhaps I've missed
those comments!
	I think that even a straight DES phone would provide Pretty Good
security, provided that it generated a new DES key for every call and
swapped that key with the other phone via some type of public key
encryption.  Whether you use DES or 3DES, I suggest putting a button on
the phone that force immediate generation and exchange of a new key.
The truly paranoid can then press the button as often as they like.

>How much would you pay for a good encrypted phone?

	At $100, I would probably buy one for myself and several
more as gifts for friends I'd like to talk to who would be unlikely to
buy them themselves.  Above $100, I'd still be willing to buy my
own, but there would have to be a significant user community for me
to talk to.  I suspect it will be difficult to persuade the average
non-cypherpunk to pay >>$100 for an encrypted phone that hardly anyone
has compatible equipment for.
	You know, we should really spend some time deciding what
kind of exchange protocols would be appropriate here on the list.
Wouldn't it be nice if all the various groups out there building
hardware and software phones could talk to each other?  If we can
agree on a spec, this can happen.
	One other thought--the *TRULY* paranoid will want to build
their own phones from a schematic, and they may not want to use
custom chips that **might** have a backdoor in them.  The ideal phone
might be based on CPU's, RAM, and DSP's, with no DES chips or
anything like that.

	Lady Ada