In <[log in to unmask]> [log in to unmask] writes:

> > First, there are a couple of questions that I would truly appreciate opinion
> ns
> > on. They all deal with what level of security do you feel is necessary: Is
> > the security level required necessary that it be (i) merely capable of
> > confusing the fairly intense college hacker for a period of weeks, or (ii) i
> is
> > the intent foiling the National Security Agency?

Why not get both? DES/triple-DES are (with sufficient keysizes) VERY tough
ciphers, source code is freely available and unencumbered by patents, and
it's PROVEN technology. It's one of the base algorithms supported by all the
public key encryption schemes, so chances are if you use it, you'll end up
being compatible with any standards that come along.

With any strong encryption in a US software product you have to deal with the
export rules, however ACP (Americans for Computer Privacy) and several other
organizations have been lobbying hard to get those restrictions dropped (or
at least significantly reduced). From the Washington Post's article the other
day it appears that those restrictions are very soon to be lifted... So, even
now you could export the program if you used 56 bit or less keys; later you
could support much larger keys with the same algorithm and be VERY secure.

DES/triple-DES work on 8-byte blocks, with subsequent blocks encoded based
on results from the earlier blocks, so it'll work for small chunks of data
(like MPE passwords/lockwords) but bigger blocks of data yield more diversity.

I can e-mail you DES source code (C) that compiles on the 3000; we compiled
the routines into an library which other programs call at will (so you
could utilize it without change in your BASIC code most likely). (It also
compiles on PCs as well)

              -Chris Bartram