Now, my knowledge, time and resources are limited. I see that MIT or whomever has made a program that, under test, is more secure than my XOR 00000000 implementation. I may not fully trust them but it is better than anything I could come out with.

Foo. Clipper is better than anything I could come up with from scratch, and it's provably untrustable. (I could easily build better stuff out of existing pieces like DES and IDEA, but that's a separate issue.) Even Enigma's pretty strong, and look what it got its users... Some of Dr. Fred's distrust is well-founded. DES is also pretty good, and it's looking less and less likely that there's a secret NSA backdoor in it (other than differential cryptanalysis and maybe linear cryptanalysis), but it and IDEA and MD5 fundamentally depend on messiness and obscurity for their security (plus elimination of obvious holes.) Maybe the authors of IDEA are paid by the same space aliens who really run NSA? RSA has some provable strength to it, though it's not totally risk-free. (One Time Pads do too, and yet people manage to misunderstand and misimplement them almost as much as they mishandle keys.) If you want a provably strong cryptosystem, you could build one out of pure RSA, which would merely be painfully slow, but could be usable. Or you could build a Blum-Blum-Shub Random Number generator, and use it to generate one-time-pads (putting BBS into PGP version N+1 would be interesting...) However, the real weak point of PGP doesn't appear to be the algorithms, or the implementation (except ease-of-use issues); it's attacks on the computers themselves. TEMPEST is fun, if difficult and expensive, black-bag-jobs on keyboards are easy and effective if you're a good housebreaker, and you can always try viruses and trojan horses to distribute keystroke-stealers. I seem to remember that Dr. Fred was once a proponent of using viruses for good purposes for propagation of information or whatever? Anathema! #--- # Thanks; Bill # Bill Stewart, Freelance Information Architect, stewarts@ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #--- # Crypto in 3-4 lines of perl --> http://dcs.ex.ac.uk/~aba/