Re: Improved DH system.
Unfortunately, you can't really do a brainless black box phone with security that's much better than Diffie-Hellman (The "send half the key at a time" variant is somewhat better, but still can be tampered with.) The problem is that to do better security, you need some way to authenticate the Diffie-Hellman exchange.

One way is to have a display on the phone which shows the data received, and read it to the other person (which is secure, but not brainless).

Another way is to use digital signatures such as RSA on the Diffie-Hellman key parts, which requires some mechanism for users to create keys and distribute them securely, also non-brainless. One way to do this would be to use a central key-distribution server, perhaps based on phone serial number or telephone number or whatever, but that requires a lot of complexity, extra phone calls, etc.; this compromises a certain amount of security, though if it's implemented well enough to be non-spoofable, the major risks are the insecurity that comes from registration and the ability of people who compromise the keyserver (i.e. the government or keyserver-operator) to send incorrect public keys to wiretap victims allowing man-in-the-middle attacks.

Another way that's not quite brainless would be to have public keys generated in the phone for signatures, and allow users who want to to exchange keys; you could build some relative of an automatic web of trust if you put enough memory in the phones, but then you'd have to provide memory management etc. which is distinctly not in the brainless category.

Bill
participants (1)
-
wcs@anchor.ho.att.com
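
The display-and-read-aloud check described in the message, as an added example that is not part of the original post: each phone shows a digest of the two Diffie-Hellman key halves it saw, and the digests match only if nobody substituted a key half in transit. The group parameters, the 32-hex-digit readout and all function names are assumptions of this example.

```python
import hashlib
import secrets

# Toy-size group chosen so the example runs instantly (assumption of this
# example). A real phone would use a standardized group of 2048 bits or more.
P = 2**127 - 1   # Mersenne prime
G = 3

def keypair():
    """Return (private exponent, public key half g^x mod p)."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def shared(priv, peer_pub):
    """Session secret this phone derives from the key half it received."""
    return pow(peer_pub, priv, P)

def readout(own_pub, peer_pub):
    """String the phone displays for the user to read to the other party.

    It covers both key halves as this phone saw them, sorted so that both
    ends compute the same string when the exchange was not altered.
    """
    lo, hi = sorted((own_pub, peer_pub))
    hx = hashlib.sha256(f"{lo:x}|{hi:x}".encode()).hexdigest()[:32]
    return " ".join(hx[i:i + 4] for i in range(0, 32, 4))

def call(tampered):
    """Simulate one call; return (endpoints_share_key, readout_a, readout_b)."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    if tampered:
        # Constructed tampering case: a party in the middle replaces both
        # key halves with its own, as in the keyserver risk described above.
        _, m_pub = keypair()
        a_sees, b_sees = m_pub, m_pub
    else:
        a_sees, b_sees = b_pub, a_pub
    endpoints_share_key = shared(a_priv, a_sees) == shared(b_priv, b_sees)
    return endpoints_share_key, readout(a_pub, a_sees), readout(b_pub, b_sees)

if __name__ == "__main__":
    for tampered in (False, True):
        ok, ra, rb = call(tampered)
        print(f"tampered={tampered}: endpoints share key={ok}")
        print(f"  phone A shows {ra}\n  phone B shows {rb}")
```

The check only works if the users actually compare the strings by voice, which is the "not brainless" cost the message points out.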