-----BEGIN PGP SIGNED MESSAGE----- As we know, security is always relative to a threat model. For example, most cryptographic protocols today will not protect their users against the cloning attack I described earlier, nor more mundanely, against video surveilence of your computing space. What can you do if you ARE worried about such attacks? The answer is doing cryptography in your head. Well not quite, since many cryptographic operations are very computing intensive, and not everyone can do 1000 bit mental modular exponention in a reasonable amount of time. But if you have a piece of secure hardware that you can trust to do some of these operations for you, then all you need is a secure communications channel to this piece of hardware. There may be other ways, but I suggest that you establish a common key with your crypto server ahead of time, and then simply encrypt all your communications using a symmetric algorithm. RC4 may be a reasonable choice, since the operations are simple and easy to remember, but you need to keep track of a 255-byte state. WAKE is probably better. Although it uses a large key table, you only have to memorize it once, after which the only state that is changing is four 32-bit registers. I am sure better algorithms can be found for this purpose if mental cryptography is made explicit as a design goal. Perhaps it should be? - the Mad Scientist in the Middle -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMH7l+9IjPOsOWLIJAQEwDwP7BB6ZlEoYVoOFYtzNDcF4XpCKs71GyASC TiwCf+donWycN9SiJHApyXXbnuppGiEyAQYMBGkSLMyIwPMcE4v6CSt2DkpbPjkF XauZy4rqDNljV2pk7PldbPOHDow9wOeoSF2S/luKAoHx5aJWVQrE5SKIgwY2xWfx DYhjte2v9Jc= =88be -----END PGP SIGNATURE-----