[26313] in cryptography@c2.net mail archive
Re: Secure phones from VectroTel?
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Tue May 23 19:13:24 2006
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Tue, 23 May 2006 11:49:11 -0400
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: "Perry E. Metzger" <perry@piermont.com>
Cc: cryptography@metzdowd.com
In-Reply-To: <87zmh8bwfp.fsf@snark.piermont.com>
On Tue, 23 May 2006 11:19:38 -0400, "Perry E. Metzger"
<perry@piermont.com> wrote:
>
> Following the links from a /. story about a secure(?) mobile phone
> VectroTel in Switzerland is selling, I came across the fact that this
> firm sells a full line of encrypted phones.
>
> http://www.vectrotel.ch/
>
> The devices apparently use D-H key exchange to produce a 128 bit AES
> key which is then used as a stream cipher (presumably in OFB or a
> similar mode). Authentication appears to be via a 4 digit pin,
> certainly not the best of mechanisms.
>
A 4-digit PIN using EKE or its successors can be a fine thing for a voice
phone -- it's rather hard to brute-force when the other end can't keep
up... In fact, we mentioned that in our original EKE paper.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
