John Pettitt recalls an question from the audience at the SAFE conference:
One questioner from the audience made an interesting point that given that most of american can't seta vcr clock crypto will be totally beyond them unless it becomes pervasive ("you can buy it at radio shack").
It's not quite that bad. Here are a few (more or less strong) crypto products you might not know you have: 1. Every Macintosh made since at least 1988 has a secure authentication client module in the AppleShare Chooser dialog. When you use it to connect to a remote server, it notes that the user information is "two-way scrambled." (The server sends a random number challenge that the client uses to encrypt the username and password. The encrypted information is sent to the server.) All Macintosh systems running System 7 or later have the corresponding server software. What is interesting about this is that the encryption is completely invisible to the user. 2. At least one garage door opener company offers an opener that resets itself -- an intruder can't record the signal and play it back as the "key code" is one-time only. However, I agree with the questioner regarding the "set VCR problem." I suspect that the major problems in deploying strong crypto will be in marketing and human engineering -- and that the current regulatory environment adds to the difficulty by removing marketing incentives to do high-quality human engineering. Note that the VCR companies have solved the vcr problem by receiving a timecode from a local television station -- making the problem invisible to the end user. We should be able to do the same with strong crypto. Martin Minow minow@apple.com