Encrypted Cell Phone Hits the Market
notshannon writes "Reuters reports about a new cell phone which automatically encrypts communications. Of course, the matching handset will decrypt the message. Security doesn't come cheap, around $4000 per pair, but it's probably as reliable as anyone in these parts could wish. Favorite quote: 'We allow everyone to check the security for themselves, because we're the only ones who publish the source code,' said Rop Gonggrijp at Amsterdam-based NAH6. Amusingly, the article cites government.nl and not nsa.gov as the world's most prolific phone tapper."
that will become " ? nac uoy reah em won"
see this page for further information (in English).
real slashdotters don't have anyone to call in the first place
--
the strongest word is still the word "free"
Nobody verifies keys for webpages, email or ssh right now. How many times have you seen "HOST KEY HAS CHANGED" or "host key not found" and typed "yes" anyway?
The good news is that if people really understood crypto, key exchange would be easy. You meet in person, establish a bluetooth link, swap public keys and verify fingerprints.
The bad news is that nobody will do this, or the phone won't support it (article didn't say how key exchange happens).
So when Joe calls and it says "incoming encrypted call" are you going to answer it because you know and like Joe, even though you've never exchanged keys with him?
Key exchange can't be done through a trusted third party (except the company you work for) because there is no trusted third party. Even if you trust Bob, and he trusts Mary, you don't know where their dirty phones have been.
If your work is the trusted third party, they'll probably hold copies of your private keys so calls can be monitored later if needed. (Hopefully the phone either allows you to generate a new key whenever you want, or doesn't allow exporting of its private key. Hopefully both.)
Don't get me wrong, I want one. Real bad, but not $4k bad, not to test out someone's (probably flawed) cryptosystem.
Even if they understand crypto and got it right, the user still has to understand it to make it all work.
If I had about 10 of these I'd give one to each of my friends and make sure they only accept encrypted calls from known keys. I'd also make the screen light up in red or green or something to show it's an encrypted call.
Then we could talk about Joe behind his back, with no chance of interception from governments.
So yeah, anyone got a real use for these?
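The policy described in the comment above (pin keys whose fingerprints were compared in person, answer encrypted calls only from those keys, show red or green), as an added example that is not part of the original post and not NAH6's code. `KnownKeys`, `screen_call` and the key bytes are hypothetical names and constructed values, and the call handshake is assumed to have already proven the caller holds the matching private key.

```python
import hashlib
import hmac

def fingerprint(public_key: bytes) -> str:
    """SHA-256 of the key as hex in groups of four, for side-by-side comparison."""
    digest = hashlib.sha256(public_key).hexdigest()
    return ":".join(digest[i:i + 4] for i in range(0, len(digest), 4))

class KnownKeys:
    """Hypothetical per-phone store of keys verified in person."""

    def __init__(self):
        self._pins = {}  # contact name -> pinned fingerprint

    def pin(self, name: str, received_key: bytes, shown_on_their_phone: str) -> None:
        # Pin only if the fingerprint of the key we received over the link
        # equals the one displayed on the other person's handset.
        if not hmac.compare_digest(fingerprint(received_key), shown_on_their_phone):
            raise ValueError("fingerprint mismatch, key not pinned")
        self._pins[name] = fingerprint(received_key)

    def screen_call(self, claimed_name: str, presented_key: bytes):
        """Return (answer, indicator colour, reason) for an incoming encrypted call.

        Assumes the call handshake already proved the caller holds the private
        key for presented_key; this function only decides whether to trust it.
        """
        pinned = self._pins.get(claimed_name)
        if pinned is None:
            return (False, "red", "no key exchanged with this caller")
        if not hmac.compare_digest(pinned, fingerprint(presented_key)):
            return (False, "red", "key differs from the one verified in person")
        return (True, "green", "key matches pinned fingerprint")

# Constructed placeholder bytes standing in for real public keys.
JOE_KEY = b"constructed-public-key-joe"
OTHER_KEY = b"constructed-public-key-someone-else"

def demo():
    phone = KnownKeys()
    phone.pin("joe", JOE_KEY, fingerprint(JOE_KEY))  # met in person, fingerprints agree
    return [
        phone.screen_call("joe", JOE_KEY),     # key verified earlier
        phone.screen_call("joe", OTHER_KEY),   # the "HOST KEY HAS CHANGED" case
        phone.screen_call("mary", OTHER_KEY),  # never exchanged keys
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

A changed key is rejected outright here instead of prompting, since the prompt is exactly where people type "yes" anyway.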