[26315] in cryptography@c2.net mail archive
Re: Secure phones from VectroTel?
daemon@ATHENA.MIT.EDU (Alex Pankratov)
Tue May 23 19:14:02 2006
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Tue, 23 May 2006 09:50:05 -0700
From: Alex Pankratov <ap@hamachi.cc>
In-reply-to: <87zmh8bwfp.fsf@snark.piermont.com>
To: cryptography@metzdowd.com
Perry E. Metzger wrote:
> Following the links from a /. story about a secure(?) mobile phone
> VectroTel in Switzerland is selling, I came across the fact that this
> firm sells a full line of encrypted phones.
>
> http://www.vectrotel.ch/
>
> The devices apparently use D-H key exchange to produce a 128 bit AES
> key which is then used as a stream cipher (presumably in OFB or a
> similar mode). Authentication appears to be via a 4 digit pin,
> certainly not the best of mechanisms.
According to -
http://www.ohgizmo.com/2006/05/22/vectrotel-provides-secure-mobile-communications/
> Additional security and integrity is ensured by a calculated
> HASH checksum that is indicated on the display.
>
> To protect you from misuse by a third party we secured the
> crypto functions by a user-determined PIN code
PINs are not used for phone-to-phone authentication, only user-to-phone.
Though the article is full of obvious mistakes, so they might've gotten
this part wrong too.
Alex
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
