Company Makes Inconspicuous Secure Cellphone
dponce80 writes "With concerns over privacy at an all-time high, it's refreshing to hear that Swiss company VectroTel is making a secure mobile phone. The X8 encrypts secure calls (the unit is also able to make regular calls) with a virtually unbreakable 128-bit key, itself generated through a Diffie-Hellman exchange. While transmission does get somewhat delayed, communication is secure."
Does this mean that Government agencies cannot listen to our oh-so-important phone calls? Typical. Millions if not billions of our tax money wasted if this technology becomes widely adopted.
Except anyone who uses one would probably be labelled a terrorist.
I think it's asking to be broken, and I bet it will be.
Please stop entering code 2,2,7,6,6,4
This is of course useless for phone sex.
Me: "So, what are you wearing?"
Gf: "..."
Me: "What are you wea*"
Gf: "A hot small negli*"
Me: "Sorry, please continue"
(...)
Gf: "A hot small neglige and nothing else"
Me: "*grunt* and then?"
(...)
Gf: "I didn't hear you. What did you say after then?"
Me: "Uh nothing, I was just asking, what do*"
Gf: "Is this thing on? Oh wait now I hear you. Can you repeat?"
Et cetera.
8 of 13 people found this answer helpful. Did you?
Their products page reveals that they have two models (both with encryption). Of course, this is something you _could_ build yourself on top of an ordinary mobile phone, but naturally, it's convenient to just buy one. (On a side note, one of the models is bloated with a camera.)
Swedish plasma phys. PhD student; MSc EE; knows maths, programming, electronics; finance interest; seeks opportunities
I can see this being useful for governments (and probably criminals) but is the average man in the street really paranoid enough to want one? GSM is already encrypted - albeit weakly - but well enough to stop some telecoms script kiddy hearing what you're saying, and if you want to stop the government listening in to your conversations then you're out of luck anyway, since they'll just bug you some other way.
So what's the point?
isn't WEP also 128 bit?
?giS
Since this cellphone is made in Switzerland, a country that presumably has differing cell phone communication standards than the US does, is it possible to buy and use this cellphone in the US with a normal US carrier? Or would we have to wait and hope for a company to build something similar for the US?
Thanks, and sorry for the ignorance.
In soviet russia, You ask not what country do for you, but what you do for country!
Oh wait...
To protect you from misuse by a third party we secured the crypto functions by a user-determined PIN code
There goes all that security. What is the point of trying to break a 128-bit session key if there is just a simple PIN code to break instead? Looks like someone should have read Bruce Schneier.
-molo
Using your sig line to advertise for friends is lame.
DH is a way to exchange an encryption key over a public network, but it doesn't tell you who you are talking to. GSM calls are never point to point, so there is always a "man in the middle".
I'm not saying it's necessarily snake oil, but the lack of any details certainly doesn't inspire any confidence.
The funny thing is that when PCS technology first emerged, the same claims were made. It was encrypted, and each signal was overlaid with 19 other conversations to make it near-impossible to clone, or eavesdrop, unlike normal digital cell phones.
However, what most people don't know is that the Marine Corps invented PCS technology back in the Viet Nam era, and no doubt the government can listen in if they so decided.
http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
Just in case you didn't RTFA, the phone displays a hash on the display. As long as you read this one to whoever you're talking to, you more-or-less foil a man-in-the-middle attack.
I'm more worried about the proprietary algorithm for the encryption, and how it's implemented. Any conspiracy theorists will still think there's a back door for the government (or Swiss secret service?) to listen in.
Anyone with anything really important to say would use GPG on an MP3 and maybe a lashing of steganography on top.
As someone pointed out in this thread about the governments threatening to start demanding private encryption keys, most mobile phone calls are already encrypted to some degree already, aren't they?
That thread raises another point.. if we don't start defending some of these encroachments on our civil liberties, will this technology ever be used (except by the military and criminals)?
So key exchange by DH, generate a 128-bit key... and the algorithm is?
You can have a 4096-bit key if you want, but if the encryption algorithm is shite it won't make a blind bit of difference.
After digging in the company site, the algorithm used is apparently AES. So why wasn't it mentioned in the article? Ahhh, that's right, most Slashbots get starry-eyed from the phrases "military-grade" and "carrier-grade".
BOOM! HEAD SHOT!
Cryptophone is a company that has been making phones like this for some time already.
They employ some of the smartest crypto people, use well-known algorithms and publish their sources so you can check them yourself.
Reading the comments made me cringe, so here goes....
Some points;
- 128-bit keys are probably good enough, depending on the nature of the conversation. Diffie-Hellman generates a per-session master secret. To this you would then apply a KDF (Key Derivation Function) in order to produce your session key for use with your symmetric cipher, most likely AES or 3DES, maybe even Twofish. A new master secret is generated every time you make a call, hence the session key changes per call; this is UNLIKE your WEP key, which is constant or one value selected from a set. The consequence of this is that although it is practical to break a 128-bit symmetric key, it is NOT practical to do so in the time interval in which the call is taking place. Hence the encryption applied is strong enough for protecting calls in the short term, although if someone captured the call they could possibly decrypt it at a later date.
- GSM does feature limited cryptography. Unfortunately, and rather amusingly, this encryption is only carried out on radio traffic. Once the data reaches the base station / cell, it is sent in the clear around the cable cellular network's backbone infrastructure.
This looks like a honeypot to me. Everybody walking out the door there with one of those phones is immediately on the "terrorists watch"-list.
'They' may not know WHAT you're talking about on that phone, but they'll certainly know WHERE you are! An unbreakable phone conversation stands out like a lighthouse in 'their' tracking systems...
A bit of research will reveal the Swiss reputation in this area is in tatters. There are also laws that more or less say phone approval is dependent on law enforcement access.
Notably, none of this is open source, although cryptolib is there for the taking. One supposes flawed exchanges make the pretense of 128 bit ok to brag about. No thanks, OpenBSD rocks.
A number of firms have thought about these black boxes, and given up, because they will be 'red-threaded' or not get approval. If they post a deed that they have not 'cooperated' then one might buy for the right to sue later. No deed, no sale.
This is all great but can you trust the person sitting next to you on the bus? The stranger behind you? How many of us have eavesdropped on other people's conversations?
Cheap UK and US VPS
Does it work with a foil hat?
Verizon Guy: Can you hear me now?
NSA analyst: No
**Life is too short to be serious**
GSM phones with encryption have already existed for a while. (The Siemens S25 that the model in the link is based on was sold around 1999).
A Swedish company called Sectra has made secure cellphones for years. Their latest model is the only cellphone certified to the security level NATO SECRET by NATO.
http://www.army-technology.com/contractors/navigation/sectra/
Martin
This seems like a neat little gizmo but I doubt I'll be able to convince my girlfriend, father, sister, friends, etc. to buy one too -- so the encryption feature would actually do something. As nice as the idea is, you still need two of these phones for it to work.
There's a parallel problem with GPG or the like. Since very few people have or want to use it, sending unencrypted e-mail is the only way to communicate with most of the world.
This phone is worse than that, though, since I can download GPG/crypto-software-of-your-choice and even install it for someone and show them how to use it -- but I'd have to persuade them to spend money on new hardware (and then convince them to actually use it with the crypto on!) in order to use the features of this phone.
Apathy/Laziness: 1
Discerning Citizens: 0
You assume wrong; the encryption is end-to-end. It will be pretty easy for anyone eavesdropping to tell you're having an encrypted conversation though. And the eavesdroppers can still tell where you are and what numbers you are calling...
If this is not the case and if I were some terrorist, I'd like to have one of those phones and service!
Or, as it turns out, a reporter with confidential sources, or anyone in general who is opposed to current government policy.
Not only you are Anonymous, but these were spoken like a true Coward!!!!
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
Like he said, a terrorist.
What they should really call it is the "VectroTel Terrorist PA103." You're either with us, or you're against us.
Freedom fries.
Four more years.
Cryptophone (http://www.cryptophone.de/) has been around for some time.
Even if what you are saying over the phone is 100% secure (no matter if it is scrambled or you just say a series of numbers), a terrorist won't be able to use it. Because the first important thing is not what is being said, but to whom you are talking.
As cellphones are easy to listen in on, this is already a good use for the average business man and CEO who is afraid of industrial espionage.
Unfortunately these are the same people who won't use gpg on their email, because it is too difficult to use.
Drug dealers and such might find it mildly useful, although buying a (smaller) phone company so you know when they start listening in might be a better idea. Just switch numbers at that moment.
Don't fight for your country, if your country does not fight for you.
Too bad it didn't protect him against his wife's secretary using a $30 digital recorder from Radio Shack to tape a conversation incriminating him in the assassination of a former president, but then, *everybody* was having a bad day.
You must think in Russian.
A swiss company? not again!
'i' must be 'h': hashf(y) = i -> hashf(y) = h
I vaguely remember some investigatory documentary on Discovery or some other such channel where they were investigating how information on a bid by a European company for the rights to explore an oilfield somewhere in Asia had been intercepted by NSA and provided to the competing US companies.
The interesting (not to mention relevant) detail here is that they (the Europeans) were using a supposedly safe mobile phone (made by a Swiss company I believe) which turned out to have a backdoor that allowed NSA to decrypt the calls.
Why should we expect these guys to be any more honest than those other ones were (assuming they're actually not the same ones)?
As I see it, the best way to make sure you have a backdoor-free safe phone is to have a generic open-mobile solution, a bit like a mini-PC but for a mobile phone, with an open communications API that allows development and deployment on such a mobile of software which provides the safe communications.
As long as the encryption layer is implemented by the provider and cannot be checked by any independent 3rd party, there is no guarantee whatsoever that it ain't filled with backdoors/weaknesses put there on purpose to allow the sig-int agencies (of one or more countries) to be able to spy on calls made via those mobile phones.
This is silly. The phone can employ all the secure tricks it wants, 128, 256, 1024 bit keys, exotic custom stuff, etc. Makes no difference.
If somebody wants to know what you are saying, they just bug the handset. They have to really want to listen pretty badly and come up with a way to get the phone long enough to mod it, but it can be done, has been done, and been used against assorted targets around the world.
As long as people have to speak into the phone and hear sound from the earpiece, there will be plain old bugs in phones.
Sig for hire.
Regular GSM is encrypted, as you say, although weakly. The GSM encryption encrypts the link from phone to cell tower. This will, in no way, prevent a government wiretap or telco employee with greased palms from intercepting your call after it has been decrypted and put on the network.
This, on the other hand, provides end-to-end encryption, and stronger encryption at that.
www.wavefront-av.com
How much faster do current generation cell phone CPUs have to be to do this without a delay and seamlessly? If this was an option that the phone could negotiate transparently AND IF (big if) they made some good looking phones (omg pink ponies) they may have a chance of gaining larger market share, but beyond a significant percentage of people using these they wouldn't help with the blanket surveillance problem (none of the people you talk to would be using it).
If you follow the link given above, you'll notice that this phone is based on the NSK 200, where NSK stands for 'Norsk Sterk Krypto', i.e. 'Norwegian Strong Crypto'.
The main problem with this phone is the price, when I looked at it last year we also found that is 900/1800 only, i.e. it won't work on 1900 MHz US networks. The cheapest solution I found is the sw only http://securegsm.com/ which can run on top of several Qtek Windows Mobile cell phones.
Terje
PS. Even though Sweden (Ericsson) and Finland (Nokia) have both made a lot of money from the GSM system, it was actually invented/developed in Norway.
"almost all programming can be viewed as an exercise in caching"
If you want your calls to be secure, you're going to need more than that. Sure, 128 bits is enough to keep someone from decrypting the call easily within a few minutes, but give them a few hours and a small server farm... I'm surprised the phone doesn't come with the options to bump it up to 256 or even 512. 128 bits just doesn't seem like enough anymore.
Maybe I'm just paranoid, and IANACE, but still... The Other Guys have money and resources too, you know.
Love sees no species.
So the shared keys are negotiated through Diffie-Hellman, which doesn't have any form of authentication. Are they using DSA/DSS or RSA? Or any other signature algorithms? If not, it would be very easy for Mr. Bush and his evil NSA to do a MITM attack on the DH transfer and get both sides of the conversation.
I should just point out that if you're not using a true randomly-generated pad for encryption and decryption, then it really isn't a one-time pad. At that point it becomes a type of book cipher, because the "key" is really which CD (or book) to use to decrypt with, and the correct starting position (offset or page number).
While using a commercial CD might seem to offer a high-level of security, it's a substantially reduced keyspace from using 600MB of random bits.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Really? I'm not aware of any particular events that are going on at the moment that would make people especially worried about privacy.
The Sectra phones are designed in Linköping, Sweden. The company started as a spin-off from Linköping University and one of the founders was Viveke Fåk, who, if I understand it correctly, does have some really good academic merits in cryptology.
I suspect drug lords will be one of the most eager buyers of this gadget. Lotta money in that demographic.
for now... quantum computing promises the ability to break these virtually unbreakable keys while i'm getting a cup of coffee. if it can be made, it can be broken. it's a universal truth. if we can't break it now, we'll be able to break it later - and you better believe the NSA will be able to break it before you know they can.
Excuse my speling.
Making The Bar Project
seriously.... with DH, anyone can do a MITM attack unless they are using DSA or some other signature algorithm. In the article, it says they show you a "hash" on your cellphone display. A hash of what? A hash of the temporary session key? are you supposed to verbally communicate this to the other person to make sure they agree? That wouldn't make any sense.
They should have just used SSL with a hardware encryption engine and used smart cards for storing the certs.... it's easy to do.... seriously
My understanding of how cell phones work:
a) Alice calls Bob
+ results in a SS7 data message sent across the PSN (publicly switched network - aka. legacy phone exchanges) to establish a ring on Bob's set.
+ If they're both cell phone users, then there is additional routing across each user's cellphone network.
b) Bob answers the call and talks with Alice
+ Cell phones often use u-law for voice/data compression. The PSN transmits at a lossless (unless it's VoIP) 8 samples at 1 kHz. See here
With u-law compression (and other regions of the earth use different compression schemes to account for different intonations of the languages used) how can you reliably send lossless data using these phones?
Doesn't it make more sense that a company would create a bluetooth headset that could do the same thing? This would work with most newer phones. Seems the way to go to me.
They should add a mod for use of "Ummm..." and the like. It's so pretentious. Why can't people just correct someone without the ego-driven need for the um?
Please don't use "umm" or "err" or "erm".
WEP uses 128-bit crypto; even uses a good algorithm. The problem isn't in the number of bits used, because 128 bits is beyond the resources of all but the most well-heeled governments right at the moment for a well designed base algorithm. The problem lies in that they didn't design the whole system solidly- enough of the magic secret to cracking the WEP key is carried on the packets sent out by the clients and AP. It only requires about 1 million packets in hand from the ESSID to zoom the WEP key, no matter HOW many bits you use for the key.
Key exchange is one of the weak links in Crypto systems- always has been.
It remains to be seen if they've got a virtually uncrackable crypto system (It's not beyond the reach of the NSA right at the moment, but it would take effort on their part right now, unlike the situation with DES/Triple-DES...), because the key exchange part is typically the weak link in the chain- I'll believe it when I see it, and I'll only trust it so far...
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
There's two things going on here with PCS...
One of them is frequency hopping, Time or Carrier Division Multiple Access signals (which is fun to track for the average snooper...) and then there's encryption, very much like the crypto TFA refers to.
The first is what you're probably referring to, as the DoD has had THAT tech for some time now and has been extensively using the same. They also happen to have the tech to track, identify, and snoop digital and analog spread spectrum of all kinds. You'd need at least 3 .5-1 million dollar platforms to DO that, mind, but they happen to have the gear.
The second the DoD also already have as well. But, unlike the gear the DoD use, the crypto is not handshaked over the air- they typically have physical tokens holding a small amount of flash type memory that hold the keys that get plugged into the crypto modules on the comm gear. Better yet, the PCS services don't even HAVE the crypto turned on- as to why, I'll leave that to speculation as I don't have an answer myself (just good educated guesses...).
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
Got to get my morning IV of caffeine in me before posting more often- less opportunities to make stupid mistakes in the post...
What reads as: "But, unlike the gear the DoD use, the crypto is not handshaked over the air- they typically have physical tokens holding a small amount of flash type memory that hold the keys that get plugged into the crypto modules on the comm gear."
Should read as: "But, unlike the gear the DoD use, the crypto is handshaked over the air. The DoD typically uses physical tokens holding a small amount of flash type memory that hold the keys that get plugged into the crypto modules on the comm gear."
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
The thing I have noticed about my own phone usage is this: I mostly call people that I know in the Real World. A PKI would work perfectly, because there are many opportunities for secure key exchange.
And with time, even PK becomes obsolete. As phone storage increases, OTPs would work. Just let my phone sit next to my girlfriend's phone all night, and let the two devices negotiate a few gigs of random pad over a low-power IR link. Why is this team, and also my hero PRZ, using DH when better stuff is around? I mean, maybe DH is good as a backup plan when you don't have someone's public key, but it shouldn't be usual way to get the job done.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
They've got crypto in the protocols and network- but to the best of my knowledge, they don't have it turned on for some reason. They're relying more on the spread spectrum features of the various different PCS/GSM services to make it difficult for the average person to snoop- and since you're signalling back to a central point nearby you that hooks you into the network, they don't need to intercept the cryptoed conversations if they ARE encrypted- they can intercept at a different point in the system without worrying about your keys.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
More and more, it rather feels like "as long as there's booze and boobs, let 'em do what they wanna".
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Please, do provide a link. This would be, as far as I know, earth shattering cryptographic news. AES is rated for use for secret data by the US government, banks are using it for sensitive financial transactions. Last I checked, even if we ganged all the computers on earth together, it was still a multi-trillion year process to crack a single key.
Now of course for user-encrypted things you can always try brute forcing passwords, which cuts down on keyspace a ton, but for random keys like this, there's just nothing I'm aware of that does you any good.
It seems a way to circumvent all the regulatory concerns would be to produce a wired headset with the encryption hardware right on the wire. Let the end users buy two or more at once and program the shared key list via USB before deploying them. That way, any phone could be used, even cordless house phones and rentals.
Intelligent Life on Earth
OK, so why does it not surprise me that a Swiss company is the first to do this (at least in public)?
While I may not find other cell phones that can handle this encryption, I sure could use an Asterisk plug-in for the home office/VoIP gateway.
Can you hear me now?
You, sir, must have no ability to imagine or visualize. Don't feel bad; it's a side-effect of the blandness the parent-poster talked about.
-Clio
Karma: Bad (mostly from not giving a fuck)
Blog: http://clintjcl.wordpress.com
You can bug handsets one-at-a-time at significant risk of getting caught/discovered, but you can't bug all handsets just to troll through all the traffic looking for troublemakers, potential victims, etc. This is the joy of crypto: it makes spying expensive and risky, as it should be, and as the authors of the 4th Amendment intended.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
[Please mod my previous reply down. It's botched.]
There is some information about the algorithms they're using here. That page says that they're using 1024-bit DH to negotiate a 128-bit AES key, then they XOR the output of the AES algorithm with the voice data.
Frankly, I don't trust it.
First of all, neither 1024-bit DH nor 128-bit AES actually give you 128-bit security (i.e. 2^128 complexity). For AES, you need at least 256 bits of key material to get 128 bits of security. I don't know specifically about Diffie-Hellman, but it's similar in structure to RSA, and experts have been recommending at least 2048-bit keys for new designs using RSA for years, and that's not even to get a 128-bit security level. For a true 128-bit security level, you need something like 6100 bits (if I remember correctly), which most people don't use because it's very slow to do in software.
The "XOR" part of the description, while somewhat scary-sounding, might actually be counter mode, which is considered secure for AES and is actually recommended by Bruce Schneier in his book, Practical Cryptography. Or, it might just be XORing the output of a single repeating AES ciphertext block with the entire plaintext datastream, which would be trivially insecure. We really have no way of knowing.
As for authentication, which is often more important than confidentiality (and which may be required for confidentiality)? This is all I could find:
There is no mention of what hash function is being used, nor of what is being hashed. Furthermore, people who talk about "HASH" -- in all-caps, as if HASH is an algorithm itself -- clearly don't know what they're doing. It might just be VectroTel's marketing department messing things up. Or, it could be a more fundamental lack of expertise within the company. Who knows?
Have a look at the VectroTel FAQ:
Totally unacceptable.
If those really are "frequently-asked questions", those responses are simply arrogant. The company has clearly adopted a "trust us" mentality. If I was willing to blindly trust other companies, I wouldn't be looking for a secure phone!
Crypto products are like voting machines. If their operation is not independently verifiable, then they simply cannot be trusted.
As an interesting side note, I don't see any FIPS certifications.
I smell snake oil.
http://outcampaign.org/
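The two readings of "XOR the AES output with the voice data" that the post above weighs, side by side, as an added example in Python (not VectroTel's or the poster's code): a counter-mode keystream versus one AES output block repeated over the whole call, with a check for the repetition that makes the second reading trivially insecure. The block function is a SHA-256 stand-in for AES because the standard library has no AES, and the voice frames and key are constructed.

```python
"""Counter mode versus "one repeating AES block", the two readings of the
vendor's XOR description.  Added example; block_prf stands in for AES."""
import hashlib
import os


def block_prf(key: bytes, block_in: bytes) -> bytes:
    """Stand-in for a single AES block encryption: keyed, 16-byte output.
    Swap in a real one-block AES-ECB call in practice."""
    assert len(block_in) == 16
    return hashlib.sha256(key + block_in).digest()[:16]


def keystream_ctr(key: bytes, nonce: bytes, nbytes: int) -> bytes:
    """CTR mode: encrypt nonce||counter per block, so every 16-byte keystream
    block differs (as long as a nonce is never reused under the same key)."""
    assert len(nonce) == 8
    out = b""
    for counter in range((nbytes + 15) // 16):
        out += block_prf(key, nonce + counter.to_bytes(8, "big"))
    return out[:nbytes]


def keystream_repeating(key: bytes, nbytes: int) -> bytes:
    """The naive reading: one AES output block repeated over the whole call."""
    one_block = block_prf(key, bytes(16))
    return (one_block * ((nbytes + 15) // 16))[:nbytes]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream_period(ks: bytes, max_period: int = 64):
    """Smallest period at which the keystream repeats, or None.  A periodic
    keystream is a reused pad: identical plaintext blocks give identical
    ciphertext, and one known block of plaintext (silence, a codec header)
    reveals the keystream for the entire call."""
    for period in range(1, max_period + 1):
        if all(ks[i] == ks[i + period] for i in range(len(ks) - period)):
            return period
    return None


def identical_ciphertext_blocks(ct: bytes) -> int:
    """Count 16-byte ciphertext blocks that duplicate an earlier block."""
    blocks = [ct[i:i + 16] for i in range(0, len(ct), 16)]
    return len(blocks) - len(set(blocks))


# Constructed sample call: 8 voice frames, 6 of them identical "silence" frames,
# which is what a real voice stream looks like whenever one side is listening.
SILENCE = b"\x00\x80" * 8                               # 16 bytes
SPEECH = bytes(range(16))                               # 16 bytes
FRAMES = SILENCE * 3 + SPEECH + SILENCE * 3 + SPEECH    # 128 bytes
KEY = b"\x11" * 16                                      # constructed 128-bit key


def demo() -> dict:
    ct_rep = xor(FRAMES, keystream_repeating(KEY, len(FRAMES)))
    ct_ctr = xor(FRAMES, keystream_ctr(KEY, os.urandom(8), len(FRAMES)))
    return {
        "repeating_period": keystream_period(keystream_repeating(KEY, 256)),
        "ctr_period": keystream_period(keystream_ctr(KEY, bytes(8), 256)),
        "repeating_dup_blocks": identical_ciphertext_blocks(ct_rep),
        "ctr_dup_blocks": identical_ciphertext_blocks(ct_ctr),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:22s} {value}")
```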
And I'll buy one. I HATE Cameras in phones, because it means I'm forced at times to leave it in my car (some of the places I work do not allow cameras).
But I like the idea of encrypted calls, just like I like the idea of encrypted email. Yeah maybe I don't have anything secret to talk about, but my conversations aren't anyone else's business! Period.
... is why I wish the inventor of PGP, of all things, would've implemented something like that for phone calls. Yes, it takes more time to set up initially, but once set up, you'll never have that problem, nor will you have the problem of forgetting to turn crypto on when the conversation moves from milk to erotic breast milk to politics and so on...
Don't thank God, thank a doctor!
It's actually driven by my own difficulty, sometimes, in trying to understand a particular dialect of stupid.
Or, in less insulting terms, people tend to make up for a lack of knowledge about tech by inventing it as they need it. Thus, they assume their laptop comes with free wireless Internet, because it automatically connects to their neighbor's unsecured access point. So, the first steps of the conversation will be figuring exactly what it is they think they have, and what they really do have, in terms of Internet access. It's not necessarily a fault on the part of the user that they don't know that they don't know where their Internet comes from (and that they're stealing it), but it makes for frustrating and amusing techsupport calls.
So, when someone says "All laptops come with free Wireless Internet!" I say "Um..." not to be condescending, although the user may deserve it, but because I'm frantically trying to figure out where they could've gotten that impression, what kind of Internet they actually have, and how to best explain the issue without (heh) sounding too condescending, but also without making the issue too complex.
Now, your question made enough sense that I could respond to it directly and immediately, because your misconception was right there in the question/suggestion -- I didn't have to spend a minute figuring it out.
When I say "um" in that way, I'm in no way commenting on the relative intelligence of a question/comment. I'm just expressing how much work it's going to take before I can even get the question on familiar terms. Sometimes it implies that you're actually smarter than me, and you've used terminology I haven't heard yet -- and sometimes it means you're less knowledgeable than me, and you've invented terminology for things you don't really know about.
Don't thank God, thank a doctor!
Just curious...
Longer call setup time, I get. Latency, I don't, unless you assume the cell phones themselves are slow.
Don't thank God, thank a doctor!
Have the phone remember public keys, once a connection has been made.
Provide a means to exchange keys initially either by connecting with read-the-hash-verbally-over-the-line, or a physical way of linking them together. This would probably be better, as from what I've seen, people usually exchange cell phone numbers face-to-face, with one person typing it into their phone for storage.
Imagine: You plug two phones together, via USB or some new standard interface. Phones exchange phone numbers (or IP addresses) and public keys. All you have to enter now is the name of the person to file the number as in your address book.
It's now significantly easier to set up secure connections than it used to be to set up any connection, assuming the physical aspect is easy enough -- and people don't seem to have problems with their iPods, so how hard can this be? It's also more secure than reading over the phone, because if you're physically there, you have more than just voice to verify that this person is who you think they are.
And it took me maybe 10 mins, because I had to type it up.
By the way, I seriously doubt any group of cryptographers were involved, certainly not in the design phase. Looks like they just designed a phone and ripped off zFone's idea, so yes, given what I know about zFone, I could easily have designed a similar phone. And zFone wasn't designed for cell phones, it was designed to be universal, meaning it has to deal with non-portable computers with headsets, meaning it couldn't capitalize on how easy it is to get two cell phones physically close to each other.
But, zFone brings up an important question -- will these interoperate? They damn well better, or I'll stick to my PGP email.
Don't thank God, thank a doctor!
Diffie-Hellman key exchange is pathetically vulnerable to man in the middle attack. Most times, an assumption is made when using a protocol like DH for key exchange that getting "in the middle" would be hard for a malicious party. But when that malicious party is your ISP/Verizon/AT&T, you have absolutely NO protection. They will simply initiate DH key exchange with both you and your terrorist mom when you pick up your "secure phone" and call her. You, mom, and NSA are the only parties that will understand what is being said. It doesn't matter about 128 bits or 973262 bits or bugging the phone or listening over your shoulder. Bottom line: If you need to exchange your key over the network before you can trust that person then you are already pwned by your telco/ISP before you say another word.
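The flow that several posts above argue over (a per-call Diffie-Hellman secret reduced by a KDF to a 128-bit key, a relayed exchange in which the network holds a key with each side, and the hash on the display that the two callers read aloud to notice it), as an added example in Python. It is not VectroTel's code; the toy group parameters, the HKDF step, the derivation label and the 6-digit authentication string are my assumptions.

```python
"""Unauthenticated DH -> KDF -> 128-bit call key, and the short authentication
string ("hash on the display") that lets callers detect a relayed exchange."""
import hashlib
import hmac
import secrets

# Toy DH parameters: 2**521 - 1 is a Mersenne prime, so the modulus is easy to
# verify, but this is NOT a standardized group.  A real phone would use a
# standardized MODP group of 2048 bits or more (RFC 3526).
P = 2 ** 521 - 1
G = 5
P_BYTES = (P.bit_length() + 7) // 8


def hkdf(ikm: bytes, info: bytes, length: int) -> bytes:
    """HKDF (RFC 5869) with HMAC-SHA256 and an all-zero salt: turns the raw DH
    secret into a uniformly distributed key of the requested length."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


class Phone:
    """One endpoint of a call: a fresh DH key pair per call and, after derive(),
    the 128-bit session key plus the string the handset would display."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.priv = secrets.randbelow(P - 3) + 2   # 2 <= priv <= P - 2
        self.pub = pow(G, self.priv, P)
        self.key = None
        self.sas = None

    def derive(self, peer_pub: int) -> bytes:
        shared = pow(peer_pub, self.priv, P)
        # 16 bytes = the 128-bit symmetric key the product advertises.
        self.key = hkdf(shared.to_bytes(P_BYTES, "big"), b"demo-call-key", 16)
        # Short authentication string: 6 hex digits of a hash of the key.  Both
        # callers read theirs aloud; a mismatch means the exchange was relayed.
        self.sas = hashlib.sha256(self.key).hexdigest()[:6]
        return self.key


def honest_call():
    """Alice and Bob receive each other's public values unmodified."""
    alice, bob = Phone("Alice"), Phone("Bob")
    alice.derive(bob.pub)
    bob.derive(alice.pub)
    return alice, bob


def relayed_call():
    """The network substitutes its own DH values toward each side, so it shares
    one key with Alice and a different key with Bob (the MITM the thread describes)."""
    alice, bob = Phone("Alice"), Phone("Bob")
    relay_to_alice, relay_to_bob = Phone("Relay"), Phone("Relay")
    alice.derive(relay_to_alice.pub)
    relay_to_alice.derive(alice.pub)
    bob.derive(relay_to_bob.pub)
    relay_to_bob.derive(bob.pub)
    return alice, bob, relay_to_alice, relay_to_bob


def sas_matches(a: Phone, b: Phone) -> bool:
    """What the two callers establish by comparing the displayed strings."""
    return hmac.compare_digest(a.sas, b.sas)


if __name__ == "__main__":
    a, b = honest_call()
    print("honest:  same key", a.key == b.key, " SAS", a.sas, b.sas)
    a, b, ra, rb = relayed_call()
    print("relayed: same key", a.key == b.key, " SAS", a.sas, b.sas,
          " relay holds both keys", ra.key == a.key and rb.key == b.key)
```

The SAS catches the relay only if the callers actually compare it, which is why the post about reading the hash aloud matters more than the key length.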
Assuming that one could build a machine that could recover a DES key in a second, it would take that machine approximately 149 trillion years to crack a 128-bit AES key. ...assuming a classical computer. I don't pretend to know how they work but quantum computers are much faster at this kind of task. Given the progress the academic community is making, and the meme that the NSA is always 20 years ahead... just maybe.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
This reminds me of an X-Files episode http://www.redwolf.com.au/xfiles/season04/4x07.html.
Mulder: "I've been here twenty minutes and I still don't know what the hell is wrong. No one would kill you, Frohike. You're just a little puppy-dog."
Frohike: "I don't utter another syllable until the CSM-25 counter measures filter is activated."
[The signal goes fuzzy, the Smoking Man switches on the counter measures counter measure and the signal clears]
Byers: "No electronic surveillance known can cut through the CSM-25."
Scully: "Okay. Okay. Now tell us what you're so close to."
Whoever has the job of listening to my phone calls has a worse job than I do and a worse life. The only thing worse than having issues is being forced to listen to someone else's issue that you can neither control, nor bring yourself to care about...g-men, are you listening? I'm going to the gas station to fill up my SUV, then I'm going to get milk on my way home...at which point I'll change my daughter's diaper, eat, and go to bed at 9:30...enjoy your job of listening to my laundry list. Listen closely, lest you miss the scorching details of my trip to Bed Bath & Beyond and maybe Home Depot if we have the time.
With Cryptophone and SecureGSM operating with larger keys why would anyone buy this? Both use military grade encryption. VectroTel, do your homework before releasing an inferior product!
Also as mentioned by another user you must release both hardware and software documents to prove there are no hidden features to monitor the secure call.
See also NAH6