* A "cracker's guild" to break weak cryptography and publicize the cryptanalysis algorithms (cf. the Word Perfect crypto cracker), forcing the weak crypto off the market. For example, if NetCash was deployed this organization would crack it. This organization might be funded anonymously by those selling strong crypto (who have an incentive to debunk their competitor's hype).
The person who built the standard "network license manager" for Unix (flexlm) has offered us cypherpunks access to the protocol if we'll try to crack it.
* A formal Crypto Auditing Agency that would verify the algorithms and protocols were secure, without revealing trade secrets. My next statement may cause hisses & boos, but I think the recent Crypto-Auditing of Clipper by Denning and other eminent cryptologists will be a model widely applied in the commercial computer security business. The auditors should be able to examine the source and run the programs without revealing trade secrets.
The auditing may indeed be duplicated. By marketing departments, and for the same reason as the Denning auditing -- marketing. Solely. There is no way that the selected group of people could crack a half-reasonable cryptosystem in a few weeks. Real Cryptanalysts spend months and years working on cracking cryptosystems, and none of the panelists was a Real Cryptanalyst. We had all the details of DES, and it took 15 years to make a dent in it. But they fooled you -- and maybe a lot of other people -- so there *is* a function for such review panels. Sponsoring one is a way to convince innocent spectators who don't know better. Marketing. John Marketing Dept, Cygnus Support