[26317] in cryptography@c2.net mail archive
Re: Secure phones from VectroTel?
daemon@ATHENA.MIT.EDU (Jon Callas)
Tue May 23 19:14:35 2006
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <87zmh8bwfp.fsf@snark.piermont.com>
Cc: cryptography@metzdowd.com
From: Jon Callas <jon@callas.org>
Date: Tue, 23 May 2006 13:08:00 -0700
To: Perry E.Metzger <perry@piermont.com>
On 23 May 2006, at 8:19 AM, Perry E. Metzger wrote:
>
> Following the links from a /. story about a secure(?) mobile phone
> VectroTel in Switzerland is selling, I came across the fact that this
> firm sells a full line of encrypted phones.
>
> http://www.vectrotel.ch/
>
> The devices apparently use D-H key exchange to produce a 128 bit AES
> key which is then used as a stream cipher (presumably in OFB or a
> similar mode). Authentication appears to be via a 4 digit pin,
> certainly not the best of mechanisms.
>
> Does anyone out there know much about these products and their
> security properties (or lack thereof)?
>
My guess from looking at the web site is that it's AES-128 counter
mode (but it could be OFB or something like it) derived directly from
a 1K ephemeral DH. My reading from some of the pages is that the four-
digit thing is not that it's a PIN, but a Short Authentication
String, a la ATT3600, Blossom COMSEC phone, PGPfone, and Zfone.
Interestingly, they are doing the encrypted voice over the data channel.
The FAQ notes that they have perfect forward secrecy and no stored
keys. Sadly, they don't release source code and say there will be no
updates. Nonetheless, it passes the sniff test. The limitations on
its use give some further clues about implementation. Half-second
delay, slightly metallic voice, setup time of 10-30s. I have my
guesses on what codec, cpu, and other things they're using from that.
Jon
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
