notably the proposal of Yanek Martinson, remind me of the idea kicking around of simply programming a Sharp Wizard (or Casio B.O.S.S., etc.) to do the same function.

I have thought of that before. Actually, I was thinking of using a notebook computer with 2 serial ports as a prototype/proof of concept.

These devices have several advantages:

True. But there are also disadvantages: They generally don't have two serial ports. This may not seem like much, but is actually a serius problem. Since they tend to have small screens, weak keyboards, and not the greatest comm software, you might not like using it as your window into the cyberspace. The advantage of a standalone device with two rs232 ports is that you can continue to use your existing terminal, pc or a mac, along with all its conveniences.

1. Cheap. $150 or less.

I hope to make my device in this price range or less. I can not be sure yet because I don't have a definite hardware design completed, but that is the range I am aiming for. I don't know, maybe I am unrealistic, but I think that in kit form it could be significantly under $100.

2. No construction required.

If this idea ever takes off in a big way (about a hundred orders or so) then I have an electronics company that could build them for me.

3. Not likely to have trapdoors or other limits, at least not in the hardware, or in the units you buy today at your local electronics

While they may not have any intentional trapdoors, since you don't have the full design specs, you can never be sure of everything that is going on within the machine. For example, if in my device I have a section of memory that holds the private key, and I clear it (overwrite with nulls) then I can be reasonably sure that if someone was to get the device they would not be able to retrieve the private key from anywhere. In a machine such as a Wizard, you never know where the number may end up, for example in some area of memory used for the auto-resume feature or some kind of cache. If a device was not designed with security in mind it is likely to be insecure.

6. A fairly slow CPU,

Might severely limit the length of keys you can handle, therefore the level of your security.

7. Some have PCMCIA capabilities.

See my previous post on why PCMCIA is not a very good choice of technology for this purpose.

9. New versions of the software (e.g., PGP 3.21) can be added more easily, I suspect, than in a custom-built RS-232 dongle.

I plan to build it as a generic processor with two RS-232 ports. All the crypto stuff would be handled in software. So to cope with new formats, etc. all you would need to do is reprogram the EPROM. This is completely unrelated to the topic at hand, but:

By the way, the same arguments could be applied to using cellular telephones as the base for building/programming portable, personal crypto devices. (An exciting talk at Hackers on mods to Oki 900 cellphones was an eye-opener.) I don't think an easy interface to RS-232 ports exists, but I know some cellphones interface to computers (the Oki 900 above sure did).

What interfaced to the computer was the control functions (dial, signaling, etc.) It sure was fun and useful, but not nearly enough to make a secure telephone. The actual speech (that which you are trying to encrypt) is never actually digitized.... -- Yanek Martinson mthvax.cs.miami.edu!safe0!yanek uunet!medexam!yanek this address preferred -->> yanek@novavax.nova.edu <<-- this address preferred Phone (305) 765-6300 daytime FAX: (305) 765-6708 1321 N 65 Way/Hollywood (305) 963-1931 evenings (305) 981-9812 Florida, 33024-5819