Hi folks,

If one had the ability to create standards over, with reckless disregard for performance, how would you improve their security? Feel free to pick a protocol or system (e.g. gpg or isakmp) and let me know how it is done, and how it should have been done.

For example, pgp doesn't hide the key IDs of the addressees. Many systems use hashes that are too small. DSA keys are too small compared to large ElG keys. How would you make a signature with a larger keyspace? Does the protocol wrap encryption in authentication instead of vice-versa? Does ISAKMP do encryption where the input is meant to be secret, instead of the key? Does it use a rinky-dink algorithm, now that much better ones are available?

I've got a hankering to re-write something, and I want to know what can be improved the most.

PS: There's a paper on cryptanalyzing CFS on my homepage below. I got to successfully use classical cryptanalysis on a relatively modern system! That is a rare joy. CFS really needs a re-write; there are no really good alternatives for cross-platform filesystem encryption to my knowledge.

-- 
http://www.lightconsulting.com/~travis/ -><-
"We already have enough fast, insecure systems." -- Schneier & Ferguson
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B
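The post asks whether a protocol "wraps encryption in authentication instead of vice-versa", i.e. whether the MAC covers the ciphertext (encrypt-then-MAC) so that a receiver can reject a tampered message before any decryption happens. The following is an added example, not code from the post or from any of the systems it names: a minimal encrypt-then-MAC composition in Go using only the standard library (AES-CTR under one key, HMAC-SHA256 under a separate key, tag checked in constant time before decryption). The function names, the `nonce || ciphertext || tag` layout, and the demo keys and message are assumptions constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

const (
	nonceSize = aes.BlockSize // 16-byte CTR nonce (IV)
	tagSize   = sha256.Size   // 32-byte HMAC-SHA256 tag
)

// ErrAuth is returned for any framing or tag failure; the caller never
// learns which, and never sees a decrypted byte of a bad message.
var ErrAuth = errors.New("authentication failed")

// Seal encrypts plaintext with AES-CTR under encKey, then authenticates
// nonce||ciphertext with HMAC-SHA256 under an independent macKey.
// Output layout (an assumption of this example): nonce || ciphertext || tag.
func Seal(encKey, macKey, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	out := make([]byte, nonceSize+len(plaintext)+tagSize)
	nonce := out[:nonceSize]
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := out[nonceSize : nonceSize+len(plaintext)]
	cipher.NewCTR(block, nonce).XORKeyStream(ct, plaintext)
	// The MAC covers everything the receiver will act on: nonce and ciphertext.
	mac := hmac.New(sha256.New, macKey)
	mac.Write(out[:nonceSize+len(plaintext)])
	copy(out[nonceSize+len(plaintext):], mac.Sum(nil))
	return out, nil
}

// Open verifies the tag first, in constant time, and only then decrypts.
// This is the "authentication wraps encryption" order: decryption code is
// never exercised on data the sender did not authenticate.
func Open(encKey, macKey, blob []byte) ([]byte, error) {
	if len(blob) < nonceSize+tagSize {
		return nil, ErrAuth
	}
	body, tag := blob[:len(blob)-tagSize], blob[len(blob)-tagSize:]
	mac := hmac.New(sha256.New, macKey)
	mac.Write(body)
	if !hmac.Equal(mac.Sum(nil), tag) { // constant-time compare
		return nil, ErrAuth
	}
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	nonce, ct := body[:nonceSize], body[nonceSize:]
	pt := make([]byte, len(ct))
	cipher.NewCTR(block, nonce).XORKeyStream(pt, ct)
	return pt, nil
}

// DemoKeys returns two distinct, deterministic 32-byte keys for the demo.
// Constructed for illustration only; real keys come from a KDF or a CSPRNG.
func DemoKeys() (encKey, macKey []byte) {
	e := sha256.Sum256([]byte("demo-enc-key"))
	m := sha256.Sum256([]byte("demo-mac-key"))
	return e[:], m[:]
}

// RoundTrip seals msg and opens it again; reports whether the plaintext survived.
func RoundTrip(encKey, macKey, msg []byte) (bool, error) {
	blob, err := Seal(encKey, macKey, msg)
	if err != nil {
		return false, err
	}
	pt, err := Open(encKey, macKey, blob)
	if err != nil {
		return false, err
	}
	return bytes.Equal(pt, msg), nil
}

// TamperRejected flips one ciphertext byte after sealing and reports whether
// Open refuses it. With a MAC over the ciphertext the answer must be true.
func TamperRejected(encKey, macKey, msg []byte) (bool, error) {
	blob, err := Seal(encKey, macKey, msg)
	if err != nil {
		return false, err
	}
	blob[nonceSize] ^= 0x01 // first ciphertext byte
	_, err = Open(encKey, macKey, blob)
	return errors.Is(err, ErrAuth), nil
}

func main() {
	encKey, macKey := DemoKeys()
	msg := []byte("constructed demo message") // constructed sample input
	ok, _ := RoundTrip(encKey, macKey, msg)
	rejected, _ := TamperRejected(encKey, macKey, msg)
	fmt.Println("round trip ok:", ok, "tamper rejected:", rejected)
}
```

Two design choices carry the point of the post's question: the MAC key is independent of the encryption key, and the receiver's only observable behaviour on a bad message is `ErrAuth` after a constant-time compare, so the decryption path is never a decryption or padding oracle.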