PGPFone locks down phone conversations By Robert Hess [MacWEEK 08.07.95] The debate over digital wiretaps and the Clipper hip may diminish in importance if Phil Zimmermann and a pair of developers have their way. The group's PGPFone 1.0, a free telephony encryption program for the Macintosh, is set to ship next week. With it, two users can conduct secure conversations using the Mac's speaker and microphone, a 9,600-bps modem, and a phone line. If a PGPFone conversation is intercepted, all that can be heard is static. Version 1.0 for the Mac works only via direct-dial modem connections, but programmers Zimmermann, Will Price and Chris Hall said they expect to ship by the end of this month a version that communicates over the Internet. By the end of October, PGPFone will also operate on an AppleTalk LAN using Open Transport. A Windows 95 version is also planned for release this month; a Windows 3.1 version will not be created, but OS/2 is being considered, the group said. PGPFone establishes its secure connections using a public encryption algorithm called Diffie-Hellman, which exchanges keys at the time of the call. No previous trading of keys among users is necessary, unlike data-encryption products such as MacPGP. Users can select the scheme used to scramble their voices. TripleDES or Blowfish, two extremely powerful standards for encryption, may be used, depending on the speed of the host Mac. "Someone could run PGPFone in the background, receive a call from an unknown person, and the call would be absolutely secure," Price said. PGPFone adapts to the Mac on which it runs, changing sound quality to match the hardware available. It requires at least a 33-MHz 68030 CPU and will be available from the outset as a native Power Mac application. "At 9,600 [bps], voice quality is fair but definitely intelligible," Price said. "At 14,400 everything sounds pretty good, and comfrtable conversations are possible. At the top range, two Power Macs with 28.8-Kbps modems can achieve sound quality that is notably superior to normal phone conversations. Zimmermann is well-known for his legal battles with the U.S. government over PGP (Pretty Good Privacy), a utility considered the standard for Internet e-mail encryption. To avoid a repeat of those troubles, PGPFone will be licensed only for noncemmercial use within the United States. "We'll likely have a commercial version available to corporations," Zimmerman said. PGPFone will be uploaded to the Massachusetts Institute of Techonlogy's PFP FTP server at ftp://net-dist.mit.edu. The full source code will be released for peer review.