Mailing List

Design Considerations

The Box

(These design specs are what we dreamt up here in Holland after coming back from Germany, and they may or may not match the first prototype.)

The Harmless Little Box (HLB from now on), is a stand-alone device for encrypting telephone conversations over normal POTS telephone lines.

As we see it now, the Harmless Little Box (or HLB) is a small device, about the same form factor as a standard desktop modem. It would have a power input jack, RJ-11 phone and line jacks and a serial port to talk to an attached modem. It would also have a small display and one big red button.This box would bascically do what Eric Blossom's box (I forgot the name) does, except the modem is not built in and it does not use synchronous mode, so it can talk to PC-based software only implementation.

It should cost about $US 100 to build yourself, and should use only chips for which there are publicly available free development tools. It should have flash-ROM so software can be upgraded by attaching a PC instead of a modem. Sourcecode to the firmware, schematics and board-layout will be published and available for commercial and non-commercial further development, as long as the original authors get credit.

In our view, this box would allow normal use of the atttached analog telephone line through the phone jack until the button was pressed. At this time, it would initiate a modem link using its attached modem (originate) with the other side. If the box on the other side sees the carrier from the remote modem (it has AD/DA at the phone interface) , it would tell it's attached modem to go to answer mode.

At this point the two modems have disconnected the analog signal from our harmless little box. Just to make sure no analog signal leaks to the telephone circuit, the Box itself cuts the analog path to the phone jack as well as soon as it receives a CONNECT from its modem.Now the box finds out what the actual data rate and delay are, does a Diffie-Hellman key exchange with an (8 digit ?) session key hash being displayed on the box and negotiates encryption algorithm and codec. The box should have a built in hardware random generator.

It's been suggested that at least one codec capable of operating on or below 9600 bps and one encryption scheme should always be implemented so that all boxes interoperate. Really good sound quality would probably not be achieved unless 28.8 kbps modems are used.Hanging up any one of the two telephones terminates the connection and causes both modems to hang up. The party that has not yet hung up does not get the analog path to it's modem restored until it has also hung up. (This is to to avoid what we call the 'shouting-very-personal-things-to-someone-at-a- party-just-as-the-very-loud-music-stops effect').

Details, details

Extra features not in the minimum specs include a chipcard socket for other key management schemes and a second serial port so the device can be simultaneously connected to a computer and a modem. The first prototype may include these features already.
Analog leakage will have to be minimized from the phone interface to both the modem and the power supply, but the purpose of this device is not to make it completely impossible to tap (because this would drive the price up too much), but only to make it considerably harder to tap the phone than to bug the room.
Breaking news: there are schematics available for the prototype. No accompanying text yet, just raw GIFs for now.

The Program

The Harmless Little Program (HLP ofcourse) should at least interoperate with the HLB over an attached modem using the platform's standard sound interface for clear voice input and output. The only difficulty in the interface is that the software cannot detect that the other side is trying to connect, so the user must probably tell it to either originate or answer.

It would be even nicer if the same software could also be used for voice-crypto over the Internet, since the existing applications to do this seem to have shortcomings. We would also like people to be able to use the same interface for both phone and Internet calls.

There are a few popular voice crypto programs available now, such as Nautilus and Speak Freely. In our view they all have disadvantages making them unsuitable to push the standard that we feel is needed.

If you have questions or comments regarding this site, please contact The Cypherpunks Webmaster.