Thank you Lars & Ken. For Lars I have in the past had more or less the same experience in the past in regards to porting/using encryption on the HP3000. But, I am still going to try for a commercially workable product for this platform as well as being cross-platform compatible. To Ken, thank you. I have a neighbor who works in an admin. capacity for HCFA and I have been trying to locate further specs than what he could provide. This gives me something to start with, even though I am leery of dealing with the 160+ Elliptical Curve systems. For nothing else, I am not interested in getting that acquainted with the local USA Justice department and their representatives. An idea or argument may be that since the Fed's mandate this then would this not be entrapment? A levity for thought. Tom "Ken Hirsch" <[log in to unmask]> wrote in message news:9430790stj@enews2.newsguy.com... > Gavin Scott <[log in to unmask]> wrote: > > Thomas writes: > > > So being, I have take ownership of a 928 with the purposes of creating a > > > commercially available 128 minimum standards and hope to have > > > something out later this year. > > > > Should not be too hard. > > > > > My former client needs 128 bit, with a public key, to meet HCFA > standards. > > > > This is a rather imprecise specification of your requirements. For > example, > > I'm aware of no public key algorithms for which 128 bits is a secure key > > size. Are you aware of how public key cryptography is typically used? > > There are (usually) two encryption algorithms used with public-key > encryption. The public keys are used to exchange random keys that are used > for just one session or one file. If the inner key is too short, the > message can still be decoded by brute force. The government has always > allowed 40-bit SSL to be exported, but has been picky about 128-bit SSL. > > The HCFA Internet security policy is outlined at > http://www.hcfa.gov/security/isecplcy.htm > >