[ Stanton McCandlish wrote ]

The persons holding this viewpoint espouse the idea that the NSA can crack anything, pretty much, and that anything they could not crack would not be available to the general public, but would have been supressed.

That view allocates to the NSA the power they wish they had over cryptographic creativity. I wonder if the author is really NSA him/her self. Vernam's one-time-tape [-file, for us] is provably unbreakable and not suppressed. RSA with enough modulus bits is unbreakable and not suppressed (although they tried). [We don't know how many bits is "enough", however.] There are ways to use DES which increase the difficulty of breaking -- but again we don't know how many instances we have to use to achieve enough security to foil the NSA. We know we can get there, however, and I'm willing to bet it's not difficult. Of course, I don't know and don't want to know. I want the NSA to be good at what it does. I want our team to be able to read the other team's signals. All I want is to preserve my freedom to use any cryptosystem of my own concoction -- straight invention or cobbled together from others'. I've had that freedom for all my life and intend to preserve it. ----------- Can NSA break PGP? Who knows? I'm not sure I care. I don't see the NSA as my enemy, per se. (That does *not* mean I'll hand them a skeleton key to my traffic, eg., via Clipper.) My secrets are from people I think of as criminals (in or out of government) and I want to use strong cryptography to foil them. I would trust PGP for that. I trust RIPEM with triple DES (and 1024 bit RSA keys) a bit more, for its better-tested conventional algorithm. For even better security, I would use: 2000 bit RSA keys true hardware ranno generator for session keys des-cbc|tran|des-cbc|tran|des as the conventional cryptosystem but, of course, there are always TEMPEST attacks, bugs in my office, ..., and as Diffie points out -- you have no control over the recipient. S/he might send cleartext of your messages right to the person you're trying to foil. Fact remains: there is *no* absolute privacy. There is only a computational hindrance on eavesdropping. - Carl