Can we talk encryption here?

Encryption is of course no-go on the ham bands, but in considering all aspects of radio comms, I see the potential need for keeping a conversation private.  I know in some cases during disaster comms it is preferable to at least use a digital mode like packet to convey PII over the air to prevent casual listeners from picking it up, and for that purpose probably works well enough.

But considering a case of short range voice comms that need to be complately private, on a non-ham band, seems to me the easiest solution is something like a DMR radio with available encryption like an MD-380. Radios are cheap enough that you could keep several on hand, or friends/family could have them as well.  Other option is an open source homebrew where you could add whatever you wanted like AES256 but that's a bit more work and proprietary.

I don't have any experience with encryption but several guys here work with commercial radios. Just give it some time and they will probably be able to help you.
D-Star radios can be used for somewhat private comms. Use the radios in analog mode but switch to another frequency and D-Star digital mode when needed. An average Joe with a scanner won't be able to decode D-Star digital. It will simply sound like a bunch of noise to an inexperienced listener.

Also, very few people have radios capable of operating on 220 Mhz.

I believe Wouxun KG-UV8-Plus (or UV9) is capable of using encryption. It's somewhat affordable too. I'm not sure if it can transmit outside of ham bands.

Dont confuse obfuscation with encryption. Some radios will do voice inversion which in 1972 was good, now a SDR# plugin will break it.

Most DMR radios have some spin of encryption probably not based on the DMRA standard and closed source so who knows how secure.

Hytera and Motorola both offer premium licenses for their radios (basic encryption is free) *speaking of DMR only.

NXDN uses DES and has offerings for paid AES upgrades.

P25 of course has the ability but is costly and some of the older radios require a key loader.

@zapzap is probably a little more savy on the licenses avalible. For our LMR we use hytera basic privacy because upgrading cost an arm and leg.

Depends on the end goal of the encryption, if you're just trying to avoid being heard,
it's not encryption but pretty much zero-probability of intercept save state-level actors if you use
certain ISM band radios that have DSS/FHSS modulations.

The now-defunct TriSquare radios were slow hopped FM, an the only real way to decode them
was with a near-field FM receiver which are very uncommon (and not effective at any distance) or
try and guess at one of a thousand hop sets they can use.

Likewise it's pretty unlikely someone is going to grab a conversation using Motorola's DTRs.

Security through obscurity.

How many people are running around with 1.25 meter/220 radios? Of those how many are in your area?

Even on regularly used bands if using voice inversion how many have the knowledge or means to listen in?

The radio community is a very small niche group overall.

The people who even know how to turn a radio on and tune it by hand outside of this community is probably a fraction of a fraction of a percent.  An even smaller number will know how or have the capability to break simple voice inversion.

Hell of you want quiet airways all to yourself even now when the shit isnt hitting the fan go grab a MURS or 220 radio.  Those bands are quiet even on a busy day.

Basically im not saying not to be careful im just saying dont sweat getting too secret squirrel.

It all comes down to who you're hiding from.

Somebody with a baofeng? Inversion scrambler will help you there. Or 220, or even 4 meters - radios that receive there are uncommon in the US, although you can't legally transmit there.

Someone with a cheap handheld scanner? 900 MHz band is still legally blocked so if they haven't popped a few diodes and you hang out in the bottom part of the band you're good.

But anyone with a cheap RTL SDR and half a brain can find all of those. Even FHSS is easily received with a laptop and an SDR.

There are plenty of commercial radios with DES and 3DES boards that can be defeated with similar hardware. A motivated party with a budget will have no problem compromising that and more.

Modern DMR radios with the appropriate entitlement keys for encryption are more secure than any of those, but likely a motivated party can listen in.

A motivated party who can't crack your codes can still do quite a lot with the metadata and some direction finding equipment. Handhelds are necessarily short range and 3 observation posts with yagis can determine exactly where you are.

So in order for this discussion to get anywhere, you need to define who it is you're trying to hide your communications from and for how long.

Sometimes you can get basic encryption through a vendor, sometimes you can get advanced encryption (depending on your region).

Encryption doesn't necessarily mean security. There are different levels of encryption such as 40 bit RC4 (a.k.a. ADP), DES-XL and DES-128 (which are no longer considered secure), and AES-256. Most modern encryption algorithms operate on digital formats but some (DES-OFB?) operate on analog. Most of the federal standards (DES and AES) require an external key-loader per the federal requirement (if you've ever wondered why a key-loader is required). Most of the older, going out of support radios, have separate hardware encryption modules which define the functionality but some of the newer current gen stuff does it all in a divorced hardware board (MACE for APX radios).

The real question, what is secure? Even with 40-bit ADP encryption is an affordable start for many users. However, it can be cracked given enough time and CPU (trade secret...many ADP algorithms are based off an entity's phone number) and regardless, is a reason why keys should be regularly rolled (@TLF @LibertyHillGuy ahem...going on 3+ years now). That being said, that just keeps you from being able to follow the conversation...you can still track the traffic. For example, my local municipality has a secure tac talk group which they dynamically use for sensitive info and while I can't follow the audio, I can follow the conversation via the unit IDs with UniTrunker. Secure also does not mean you can't be DF'd. Also, for a good part just moving to some form of digital modulation can help as your average spectrum scanner likely won't be prepared for it for one reason or another.

My real point...encryption is part of a secure toolbox and should honestly be the last thing you apply to the secure toolbox. Shift your communications around. Define a channel plan and only identify those channels over the air by their tactical names. "Message trunk" or change the channel every message (preferably to a repeater located at a different location which still provides coverage). Try and define common waypoints to avoid giving geographical location info over the air. If you need to pass info where you can't simply say 1 click north of waypoint whiskey or go to channel OP 3, 3 Delta 1, Upper Potato Net, Lower Potato Net, etc then you rely on encryption. There is a great deal of security in obscurity. TLF is probably the only one on the forum who knows what my channel names correlate to and better yet, the digital channels utilize different ID's for each making it more difficult to track (one of the reasons I choose P25 radios over DMR...multiple IDs and multiple systems).

From what I've seen it is very hard to get AES encryption (or expensive) especially on Motorola.  I saw reference to the TYT MD-380 having "basic" encryption which is just a selection of 256 predefined keys, and "enhanced" which lets you specify a key but the actual bit length used is not impressive.  Still, it would keep anybody from listening who is not very sophisticated.  Are you saying you have to pay for this feature, or is the premium license higher grade than the "enhanced" option?

As far as the entire realm of COMSEC and TRANSEC, sometimes you just need encryption. Otherwise it wouldn't exist, would it?

My other thought was modding the SM1000 https://www.rowetel.com/?page_id=3902 to add AES256 or whatever level desired, no begging a company to give you the capability.

Depends on the product. TRBO line is more difficult than the Astro 25 and APX line (software ADP encryption is a flash option and originally it was a "free" offering so Motorola could vendor lock their customers). What's expensive are the hardware modules if you desire advanced encryption. A AES-256 module for a XTS3000 (which has been EOL since 2008) is $900 from Motorola (luckily most of the EFJ 5100's have them in them already).

If you're willing to get off some money, getting Motorola radios with AES-256 and a keyloader for them that has that option is very possible.

It's not exactly cheap by most people's standards but it's easy enough to get there with some money.

You could buy everything you need for that, right now, on ebay, if you wanted to.