PGP Creator's Zfone Encrypts VoIP

Philip Zimmermann, creator of PGP wrote in to tell me about Zfone, his new system for encrypting any SIP VoIP voice stream. His first release is Mac & Linux only. I tested it with him using Gizmo as our client and it was pretty trivial to use. While it should work on most any SIP compatible VoIP client, he hopes that clients like OpenWengo and Gizmo will incorporate Zfone directly into the UI. Zfone has no centralization, and has been submitted to the IETF. He hasn't yet determined a license, but he believes strongly in releasing source code for all encryption products. A windows client is forthcoming.

Important Stuff

[WebHostingGuy]

This is important stuff as more and more phone traffic is routing open in the internet. While most people do not believe their emails are totally private, when it comes to talking on the phone I believe there is a perception (and assumption) that no one else is listening. SIP, Asterisk and all the flavors of VOIP is changing telecom and encryption is necessary.

Re:My only concern

I'd say it's dissapointing that the post had to link to a definition of Luddite in the first place.

Re:Releasing the source

[HolyCrapSCOsux]

Wouldn't that kinda be the point?

Checksums, distro needs sigged.

As there is no cryptographic signature on the package, these are my sums
as received. Please compare and post if yours are different.

SHA1 (zfone-linux.tar.gz) = aa9ac66a5dce43cff2639787f30e939078b47ebe
MD5 (zfone-linux.tar.gz) = c6a47feca0fd5cb5bf72a8f6a1e8f207

PRZ, please sign your packages! Thanks, World.

I agree, it is hugely important

[maillemaker]

Hopefully, this will be the straw that breaks the camel's back.

Ultimately, ALL traffic should be encrypted, whether it is VOIP, email, web browsing, whatever.

The guy is right when on his home page he talks about how it is so difficult to implement this sort of stuff as an add-on for emails, managing keys and the like. It's why no one does it. Of course, there has always been a computing overhead, also, which is why only pages that "need" to be secured currently are. But as horsepower goes up, those limitations should go away.

Ultimately, it should be a matter of course before all traffic that goes in our out of your computer is encrypted by default.

Hopefully this is the start of something huge!

Steve

Re:Why not encrypt by default

[Noksagt]

• Technological
  
  • Encryption implementation isn't free.
    
  • Encryption maintenance isn't free.
    
  • Unencrypted traffic is easier to sniff (which may be legitimately important).
    
  • Encrypyed traffic has a higher CPU overhead (which isn't always made up for).
    
  • Some people prefer to have one really good encryption program (SSH or a VPN) to route all traffic over.
    
  
  
• Legal
  
  • Encryption can't always be exported from every country to every other country.
    
  • Sometimes it may be illegal to encrypt traffic.
    
  
  

Re:Phil and Jon

[Jah-Wren+Ryel]

He's released cracks for various pieces of software, but it's not like the guy's actually broken actual strong encryption algos.

And such 'cracks' are the best way to attack otherwise strong crypto-systems - don't try to crack an algorithm -- crack the implementation. Look for the vulnerabilities in the systems that use strong cryptography and find the back-doors, or break in a hole in the wall, but trying to go mano-a-mano with the entire crypto community isn't a smart thing and you are exactly right -- that isn't what DVD-Jon has ever done.

Not that I would imply that CSS is a strong algorithm, it ain't. But the new stuff for BLU-HD-RAY uses AES and the stuff that the Zim-man is using to security VOIP also uses tried and true crypto algorithms. That doesn't mean there won't be flaws in the implementations that can be exploited and Jon-Jon He's Our Man, If He Can't Exploit It, No One Can!!! Yeah Jon. Or something like that.