Subject: Any cypherpunks building encrypted phone?

I am working on that exact problem. It is not really that trivial. The encryption has to handle a lot of data real time. I have a license agreement for IDEA and am working on RSA. I am thinking of using triple DES rather than IDEA because of the cost of the IDEA license.

That seems reasonable to me. While there is some controversy in the community, I haven't heard anyone I respect say that 3DES is not reasonably secure (i.e, comparable to IDEA). But perhaps I've missed those comments! I think that even a straight DES phone would provide Pretty Good security, provided that it generated a new DES key for every call and swapped that key with the other phone via some type of public key encryption. Whether you use DES or 3DES, I suggest putting a button on the phone that force immediate generation and exchange of a new key. The truly paranoid can then press the button as often as they like.

How much would you pay for a good encrypted phone?

At $100, I would probably buy one for myself and several more as gifts for friends I'd like to talk to who would be unlikely to buy them themselves. Above $100, I'd still be willing to buy my own, but there would have to be a significant user community for me to talk to. I suspect it will be difficult to persuade the average non-cypherpunk to pay >>$100 for an encrypted phone that hardly anyone has compatible equipment for. You know, we should really spend some time deciding what kind of exchange protocols would be appropriate here on the list. Wouldn't it be nice if all the various groups out there building hardware and software phones could talk to each other? If we can agree on a spec, this can happen. One other thought--the *TRULY* paranoid will want to build their own phones from a schematic, and they may not want to use custom chips that **might** have a backdoor in them. The ideal phone might be based on CPU's, RAM, and DSP's, with no DES chips or anything like that. Lady Ada