Company Makes Inconspicuous Secure Cellphone
dponce80 writes "With concerns over privacy at an all-time high, it's refreshing to hear that Swiss company VectroTel is making a secure mobile phone. The X8 encrypts secure calls (the unit is also able to make regular calls) with a virtually unbreakable 128-bit key, itself generated through a Diffie-Hellman exchange. While transmission does get somewhat delayed, communication is secure."
Does this mean that Government agencies cannot listen to our oh-so-important phone calls? Typical. Millions if not billions of our tax money wasted if this technology becomes widely adopted.
Except anyone who uses one would probably be labelled a terrorist.
I think it's asking to be broken, and I bet it will be.
Please stop entering code 2,2,7,6,6,4
This is of course useless for phone sex.
Me: "So, what are you wearing?"
Gf: "..."
Me: "What are you wea*"
Gf: "A hot small negli*"
Me: "Sorry, please continue"
(...)
Gf: "A hot small neglige and nothing else"
Me: "*grunt* and then?"
(...)
Gf: "I didn't hear you. What did you say after then?"
Me: "Uh nothing, I was just asking, what do*"
Gf: "Is this thing on? Oh wait now I hear you. Can you repeat?"
Et cetera.
Their products page reveals that they have two models (both with encryption). Of course, this is something you _could_ build yourself on top of an ordinary mobile phone, but naturally, it's convenient to just buy one. (On a side note, one of the models is bloated with a camera.)
Swedish plasma phys. PhD student; MSc EE; knows maths, programming, electronics; finance interest; seeks opportunities
isn't WEP also 128 bit?
?giS
Since this cellphone is made in Switzerland, a country that presumably has differing cell phone communication standards than the US does, is it possible to buy and use this cellphone in the US with a normal US carrier? Or would we have to wait and hope for a company to build something similar for the US?
Thanks, and sorry for the ignorance.
In soviet russia, You ask not what country do for you, but what you do for country!
Oh wait...
To protect you from misuse by a third party we secured the crypto functions by a user-determined PIN code
There goes all that security. What is the point of trying to break a 128-bit session key if there is just a simple PIN code to break instead? Looks like someone should have read Bruce Schneier.
-molo
Using your sig line to advertise for friends is lame.
DH is a way to exchange an encryption key over a public network, but it doesn't tell you who you are talking to. GSM calls are never point to point, so there is always a "man in the middle".
I'm not saying it's necessarily snake oil, but the lack of any details certainly doesn't inspire any confidence.
The funny thing is that when PCS technology first emerged, the same claims were made. It was encrypted, and each signal was overlaid with 19 other conversations to make it near-impossible to clone, or eavesdrop, unlike normal digital cell phones.
However, what most people don't know is that the Marine Corps invented PCS technology back in the Viet Nam era, and no doubt the government can listen in if they so decided.
http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
Just in case you didn't RTFA, the phone displays a hash on the display. As long as you read this one to whoever you're talking to, you more-or-less foil a man-in-the-middle attack.
I'm more worried about the proprietary algorithm for the encryption, and how it's implemented. Any conspiracy theorists will still think there's a back door for the government (or Swiss secret service?) to listen in.
Anyone with anything really important to say would use GPG on an MP3 and maybe a lashing of stenography on top.
Cryptophone is a company that has been making phones like this for some time already.
They employ some of the smartest crypto people, use well-known algorithms and publish their sources so you can check them yourself.
Reading the comments made me cringe, so here goes....
Some points:
- 128-bit keys are probably good enough, depending on the nature of the conversation. Diffie-Hellman generates a per-session master secret. To this you would then apply a KDF (Key Derivation Function) in order to produce your session key for use with your symmetric cipher, most likely AES or 3DES, maybe even Twofish. A new master secret is generated every time you make a call, hence the session key changes per call; this is UNLIKE your WEP key, which is constant or one value selected from a set. The consequence of this is that although it is practical to break a 128-bit symmetric key, it is NOT practical to do so in the time interval in which the call is taking place. Hence the encryption applied is strong enough for protecting calls in the short term, although if someone captured the call they could possibly decrypt it at a later date.
- GSM does feature limited cryptography. Unfortunately, and rather amusingly, this encryption is only carried out on radio traffic. Once the data reaches the base station / cell, it is sent in the clear around the cable cellular network's backbone infrastructure.
This is all great, but can you trust the person sitting next to you on the bus? The stranger behind you? How many of us have eavesdropped on other people's conversations?
Cheap UK and US VPS
Belts and braces? Perhaps every little bit helps. If someone really wants to hear you, it won't stop them, but it will add an extra bit of armour to you.
Does it work with a foil hat?
Verizon Guy: Can you hear me now?
NSA analyst: No
**Life is too short to be serious**
A Swedish company called Sectra has made secure cellphones for years. Their latest model is the only cellphone certified to the security level NATO SECRET by NATO.
http://www.army-technology.com/contractors/navigation/sectra/
Martin
To paraphrase the saying, "it's not paranoia if you're actually being watched."
The reason to encrypt is not to make it impossible for investigators to hear you -- because, as you said, they can bug you in some other way. The reason is to make it impractical to do widespread monitoring of innocent people. When all calls are encrypted, investigators have to do a little actual work to bug a call, so it's impossible to instantly tap all the innocent callers as they'd like.
And if you've been following current events at all, you'll notice that a large portion of America isn't nearly as "paranoid" as it should be.
This seems like a neat little gizmo but I doubt I'll be able to convince my girlfriend, father, sister, friends, etc. to buy one too -- so the encryption feature would actually do something. As nice as the idea is, you still need two of these phones for it to work.
There's a parallel problem with GPG or the like. Since very few people have or want to use it, sending unencrypted e-mail is the only way to communicate with most of the world.
This phone is worse than that, though, since I can download GPG/crypto-software-of-your-choice and even install it for someone and show them how to use it -- but I'd have to persuade them to spend money on new hardware (and then convince them to actually use it with the crypto on!) in order to use the features of this phone.
Apathy/Laziness: 1
Discerning Citizens: 0
You assume wrong; the encryption is end-to-end. It will be pretty easy for anyone eavesdropping to tell you're having an encrypted conversation though. And the eavesdroppers can still tell where you are and what numbers you are calling...
If this is not the case and if I were some terrorist, I'd like to have one of those phones and service!
Or, as it turns out, a reporter with confidential sources, or anyone in general who is opposed to current government policy.
Not only you are Anonymous, but these were spoken like a true Coward!!!!
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
Like he said, a terrorist.
It's far, far easier for the government to bug all the phone lines (as they're currently doing, I might add) at a central point, and then plug in to someone's conversations at will. If you're using an encrypted phone, then Echelon / Carnivore / AT&T / Dubya's Latest Secret Illegal Wiretap can't listen in. The government have to break in to your house, take a screwdriver to your phone and physically bug the thing.
Can the government spy on everybody by bugging the telephone exchange? Yes, easily, and they're doing just that. Can the government spy on everybody by secretly bugging every last individual phone? No, it would be prohibitively expensive. Have the NSA burgle every single house individually and fiddle every single phone? Impossible.
Encrypting phone calls makes it enormously more expensive and difficult for the government to spy on you. That's got to be a good thing.
Real Daleks don't climb stairs - they level the building.
Cryptophone (URL:http://www.cryptophone.de/) has been around for some time.
So pay with cash and put a pay as you go SIM card in it. They'll more than likely be able to tell that you are using one of these phones by looking at the packets it's sending and from there they can find out the details of the SIM card and the phone's IMEI (serial) number, but if the SIM and the handset are then just linked to 'Random cash purchase' when they start digging there's not much they can do.
Even if what you are saying over the phone is 100% secure (no matter if it is scrambled or you just say a series of numbers), a terrorist won't be able to use it, because the first important thing is not what is being said, but to whom you are talking.
As cellphones are easy to listen in on, this is already a good use for the average business man and CEO who is afraid of industrial espionage.
Unfortunately these are the same people who won't use gpg on their email, because it is too difficult to use.
Drug dealers and such might find it mildly useful, although buying a (smaller) phone company so you know when they start listening in might be a better idea. Just switch numbers at that moment.
Don't fight for your country, if your country does not fight for you.
Too bad it didn't protect him against his wife's secretary using a $30 digital recorder from Radio Shack to tape a conversation incriminating him in the assassination of a former president, but then, *everybody* was having a bad day.
You must think in Russian.
'i' must be 'h': hashf(y) = i -> hashf(y) = h
I vaguely remember some investigatory documentary on Discovery or some other such channel where they were investigating how information on a bid by a European company for the rights to explore an oilfield somewhere in Asia had been intercepted by the NSA and provided to the competing US companies.
The interesting (not to mention relevant) detail here is that they (the Europeans) were using a supposedly safe mobile phone (made by a Swiss company, I believe) which turned out to have a backdoor that allowed the NSA to decrypt the calls.
Why should we expect these guys to be any more honest than those other ones were (assuming they're actually not the same ones)?
As I see it, the best way to make sure you have a backdoor-free safe phone is to have a generic open-mobile solution, a bit like a mini-PC but for a mobile phone, with an open communications API that allows development and deployment on such a mobile of software which provides the safe communications.
As long as the encryption layer is implemented by the provider and cannot be checked by any independent 3rd party, there is no guarantee whatsoever that it ain't filled with backdoors/weaknesses put there on purpose to allow the sig-int agencies (of one or more countries) to be able to spy on calls made via those mobile phones.
This is silly. The phone can employ all the secure tricks it wants, 128, 256, 1024 bit keys, exotic custom stuff, etc. Makes no difference.
If somebody wants to know what you are saying, they just bug the handset. They have to really want to listen pretty badly and come up with a way to get the phone long enough to mod it, but it can be done, has been done, and been used against assorted targets around the world.
As long as people have to speak into the phone and hear sound from the earpiece, there will be plain old bugs in phones.
Sig for hire.
Regular GSM is encrypted, as you say, although weakly. The GSM encryption encrypts the link from phone to cell tower. This will, in no way, prevent a government wiretap or telco employee with greased palms from intercepting your call after it has been decrypted and put on the network.
This, on the other hand, provides end-to-end encryption, and stronger encryption at that.
www.wavefront-av.com
How much faster do current generation cell phone CPUs have to be to do this without a delay and seamlessly? If this was an option that the phone could negotiate transparently AND IF (big if) they made some good looking phones (omg pink ponies), they may have a chance of gaining larger market share, but beyond a significant percentage of people using these they wouldn't help with the blanket surveillance problem (none of the people you talk to would be using it).
If you follow the link given above, you'll notice that this phone is based on the NSK 200, where NSK stands for 'Norsk Sterk Krypto', i.e. 'Norwegian Strong Crypto'.
The main problem with this phone is the price; when I looked at it last year we also found that it is 900/1800 only, i.e. it won't work on 1900 MHz US networks. The cheapest solution I found is the software-only http://securegsm.com/ which can run on top of several Qtek Windows Mobile cell phones.
Terje
PS. Even though Sweden (Ericsson) and Finland (Nokia) have both made a lot of money from the GSM system, it was actually invented/developed in Norway.
"almost all programming can be viewed as an exercise in caching"
If you want your calls to be secure, you're going to need more than that. Sure, 128 bits is enough to keep someone from decrypting the call easily within a few minutes, but give them a few hours and a small server farm... I'm surprised the phone doesn't come with the options to bump it up to 256 or even 512. 128 bits just doesn't seem like enough anymore.
Maybe I'm just paranoid, and IANACE, but still... The Other Guys have money and resources too, you know.
Love sees no species.
There's not much they can do except trace where the phone and cards were bought, use the ever-present security videos to pick you out of the crowd, use the locations and times of your purchases to form a pattern of your activities, and anticipate where and when you'll be going to buy your next top-up card.
Slashdot Burying Stories About Slashdot Media Owned
I should just point out that if you're not using a true randomly-generated pad for encryption and decryption, then it really isn't a one-time pad. At that point it becomes a type of book cipher, because the "key" is really which CD (or book) to use to decrypt with, and the correct starting position (offset or page number).
While using a commercial CD might seem to offer a high-level of security, it's a substantially reduced keyspace from using 600MB of random bits.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Really? I'm not aware of any particular events that are going on at the moment that would make people especially worried about privacy.
For now... quantum computing promises the ability to break these virtually unbreakable keys while I'm getting a cup of coffee. If it can be made, it can be broken. It's a universal truth. If we can't break it now, we'll be able to break it later - and you better believe the NSA will be able to break it before you know they can.
Excuse my speling.
Making The Bar Project
I expect more than 61 Google results to consider a nation's reputation "in tatters"... especially when 90% of the results appear to be newsgroup archives and the rest all link to one not-particularly-reputable-looking site that cites no sources.
My understanding of how cell phones work:
a) Alice calls Bob
+ results in an SS7 data message sent across the PSN (publicly switched network, aka legacy phone exchanges) to establish a ring on Bob's set.
+ If they're both cell phone users, then there is additional routing across each user's cellphone network.
b) Bob answers the call and talks with Alice
+ Cell phones often use u-law for voice/data compression. The PSN transmits at a lossless (unless it's VOIP) 8 samples at 1 kHz. See here.
With u-law compression (and other regions of the earth use different compression schemes to account for different intonations of the languages used), how can you reliably send lossless data using these phones?
In the article, it says they show you a "hash" on your cellphone display. A hash of what? A hash of the temporary session key? are you supposed to verbally communicate this to the other person to make sure they agree? That wouldn't make any sense.
That is exactly what they mean, and it makes perfect sense. It's a cheap and simple solution, which does not require any smart cards or certificates, which would make the whole thing inconvenient enough to be nearly unusable.
But hey, maybe you're right, I'm sure Joe Q. Slashdot can think up a much better solution in five minutes than any group of cryptographers can over the whole development cycle of an actual commercial product.
They should add a mod for use of "Ummm..." and the like. It's so pretentious. Why can't people just correct someone without the ego-driven need for the um?
Please don't use "umm" or "err" or "erm".
WEP uses 128-bit crypto; even uses a good algorithm. The problem isn't in the number of bits used, because 128 bits is beyond the resources of all but the most well-heeled governments right at the moment for a well designed base algorithm. The problem lies in that they didn't design the whole system solidly- enough of the magic secret to cracking the WEP key is carried on the packets sent out by the clients and AP. It only requires about 1 million packets in hand from the ESSID to zoom the WEP key, no matter HOW many bits you use for the key.
Key exchange is one of the weak links in Crypto systems- always has been.
It remains to be seen if they've got a virtually uncrackable crypto system (It's not beyond the reach of the NSA right at the moment, but it would take effort on their part right now, unlike the situation with DES/Triple-DES...), because the key exchange part is typically the weak link in the chain- I'll believe it when I see it, and I'll only trust it so far...
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
There's two things going on here with PCS...
One of them is frequency hopping, Time or Carrier Division Multiple Access signals (which is fun to track for the average snooper...) and then there's encryption, very much like the crypto TFA refers to.
The first is what you're probably referring to, as the DoD has had THAT tech for some time now and has been extensively using the same. They also happen to have the tech to track, identify, and snoop digital and analog spread spectrum of all kinds. You'd need at least 3 0.5-1 million dollar platforms to DO that, mind, but they happen to have the gear.
The second the DoD also already have as well. But, unlike the gear the DoD use, the crypto is not handshaked over the air- they typically have physical tokens holding a small amount of flash type memory that hold the keys that get plugged into the crypto modules on the comm gear. Better yet, the PCS services don't even HAVE the crypto turned on- as to why, I'll leave that to speculation as I don't have an answer myself (just good educated guesses...).
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
Got to get my morning IV of caffeine in me before posting more often- less opportunities to make stupid mistakes in the post...
What reads as: "But, unlike the gear the DoD use, the crypto is not handshaked over the air- they typically have physical tokens holding a small amount of flash type memory that hold the keys that get plugged into the crypto modules on the comm gear."
Should read as: "But, unlike the gear the DoD use, the crypto is handshaked over the air. The DoD typically uses physical tokens holding a small amount of flash type memory that hold the keys that get plugged into the crypto modules on the comm gear."
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
The thing I have noticed about my own phone usage is this: I mostly call people that I know in the Real World. A PKI would work perfectly, because there are many opportunities for secure key exchange.
And with time, even PK becomes obsolete. As phone storage increases, OTPs would work. Just let my phone sit next to my girlfriend's phone all night, and let the two devices negotiate a few gigs of random pad over a low-power IR link. Why is this team, and also my hero PRZ, using DH when better stuff is around? I mean, maybe DH is good as a backup plan when you don't have someone's public key, but it shouldn't be usual way to get the job done.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
They've got crypto in the protocols and network- but to the best of my knowledge, they don't have it turned on for some reason. They're relying more on the spread spectrum features of the various different PCS/GSM services to make it difficult for the average person to snoop- and since you're signalling back to a central point nearby you that hooks you into the network, they don't need to intercept the cryptoed conversations if they ARE encrypted- they can intercept at a different point in the system without worrying about your keys.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
More and more, it rather feels like "as long as there's booze and boobs, let 'em do what they wanna".
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Please, do provide a link. This would be, as far as I know, earth shattering cryptographic news. AES is rated for use for secret data by the US government, banks are using it for sensitive financial transactions. Last I checked, even if we ganged all the computers on earth together, it was still a multi-trillion year process to crack a single key.
Now of course for user-encrypted things you can always try brute forcing passwords, which cuts down on keyspace a ton, but for random keys like this, there's just nothing I'm aware of that does you any good.
It seems a way to circumvent all the regulatory concerns would be to produce a wired headset with the encryption hardware right on the wire. Let the end users buy two or more at once and program the shared key list via USB before deploying them. That way, any phone could be used, even cordless house phones and rentals.
Intelligent Life on Earth
OK, so why does it not surprise me that a Swiss company is the first to do this (at least in public)?
Do you really, really think the people who developed this had never heard of certificates and smart cards? They chose not to do this because it is a very bad solution. CAs are a dismal failure, and they can guarantee nothing except that you have enough money to pay them.
Meanwhile, the hash solution is quick, simple and secure, requiring no secure exchange of secrets beforehand, nor trusting completely unreliable CAs. Zfone uses the exact same method: http://www.philzimmermann.com/EN/zfone/index.html
But maybe you know something about these matters that Phil Zimmerman doesn't?
You, sir, must have no ability to imagine or visualize. Don't feel bad; it's a side-effect of the blandness the parent-poster talked about.
-Clio
Karma: Bad (mostly from not giving a fuck)
Blog: http://clintjcl.wordpress.com
You can bug handsets one-at-a-time at significant risk of getting caught/discovered, but you can't bug all handsets just to troll through all the traffic looking for troublemakers, potential victims, etc. This is the joy of crypto: it makes spying expensive and risky, as it should be, and as the authors of the 4th Amendment intended.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Frankly, I don't trust it.
First of all, neither 1024-bit DH nor 128-bit AES actually give you 2^128 complexity. For AES, you need at least 256 bits of key material to get 128 bits of security. I don't know specifically about diffie-hellman, but it's very similar in structure to RSA, and experts have been recommending at least 2048-bit keys for RSA for years now.
The "XOR" part of the description, while somewhat scary-sounding, might actually be counter mode, which is considered secure for AES and is actually recommended by Bruce Schneier in his book, Practical Cryptography. Or, it might just be XORing the output of a single AES ciphertext block with the entire plaintext datastream. We really have no way of knowing.
Have a look at the Vecrotel FAQ:
Totally unacceptable.
If those really are "frequently-asked questions", those responses are simply arrogant. The company has clearly adopted a "trust us" mentality, which just doesn't work with people who want strong security. I also don't see any FIPS certifications anywhere.
I smell snake oil.
http://outcampaign.org/
[Please mod my previous reply down. It's botched.]
There is some information about the algorithms they're using here. That page says that they're using 1024-bit DH to negotiate a 128-bit AES key, then they XOR the output of the AES algorithm with the voice data.
Frankly, I don't trust it.
First of all, neither 1024-bit DH nor 128-bit AES actually give you 128-bit security (i.e. 2^128 complexity). For AES, you need at least 256 bits of key material to get 128 bits of security. I don't know specifically about Diffie-Hellman, but it's similar in structure to RSA, and experts have been recommending at least 2048-bit keys for new designs using RSA for years, and that's not even to get a 128-bit security level. For a true 128-bit security level, you need something like 6100 bits (if I remember correctly), which most people don't use because it's very slow to do in software.
The "XOR" part of the description, while somewhat scary-sounding, might actually be counter mode, which is considered secure for AES and is actually recommended by Bruce Schneier in his book, Practical Cryptography. Or, it might just be XORing the output of a single repeating AES ciphertext block with the entire plaintext datastream, which would be trivially insecure. We really have no way of knowing.
As for authentication, which is often more important than confidentiality (and which may be required for confidentiality)? This is all I could find:
There is no mention of what hash function is being used, nor of what is being hashed. Furthermore, people who talk about "HASH" -- in all-caps, as if HASH is an algorithm itself -- clearly don't know what they're doing. It might just be Vecrotel's marketing department messing things up. Or, it could be a more fundamental lack of expertise within the company. Who knows?
Have a look at the Vecrotel FAQ:
Totally unacceptable.
If those really are "frequently-asked questions", those responses are simply arrogant. The company has clearly adopted a "trust us" mentality. If I was willing to blindly trust other companies, I wouldn't be looking for a secure phone!
Crypto products are like voting machines. If their operation is not independently verifiable, then they simply cannot be trusted.
As an interesting side note, I don't see any FIPS certifications.
I smell snake oil.
http://outcampaign.org/
And I'll buy one. I HATE Cameras in phones, because it means I'm forced at times to leave it in my car (some of the places I work do not allow cameras).
But I like the idea of encrypted calls, just like I like the idea of encrypted email. Yeah maybe I don't have anything secret to talk about, but my conversations aren't anyone else's business! Period.
Well, if you have a government that is itself so paranoid that it believes the Chinese government is implanting bugs in every laptop, that secrets can be kept by a bureaucracy, that laptops aren't a bad place for a bureaucracy to keep secrets, and that bulk monitoring phone call traffic is not only legal but a productive use of their time, perhaps the thought that such a government might just listen in on your calls and get confused about who's who and what's what and think you're talking about some nefarious activity, just ain't so crazy.
Also, suppose some NSA guy listens in on a random phone call and happens to hear a guy tell his lawyer that his company is about to go bankrupt because the CFO ran away with $$$. What's to keep him from immediately going out and selling the stock short? Remember, there are several *secret* organizations (i.e., bureaucratic) out there staffed by people who are trained and encouraged to not tell anyone what they are doing. Don't you think the likelihood that some people within such an organization may have a lack of scruples (a top secret clearance doesn't guarantee they don't), and find it all too convenient to add some of their *own* autonomous secret behaviour that takes advantage of their position? Who is going to "out" them or whistleblow on their activities? Do you trust the administrators of such programs to be able to detect such things, to be spotless in their behavior themselves, and to do the right, fair and honest thing when problems are discovered?
... is why I wish the inventor of PGP, of all things, would've implemented something like that for phone calls. Yes, it takes more time to set up initially, but once set up, you'll never have that problem, nor will you have the problem of forgetting to turn crypto on when the conversation moves from milk to erotic breast milk to politics and so on...
Don't thank God, thank a doctor!
It's actually driven by my own difficulty, sometimes, in trying to understand a particular dialect of stupid.
Or, in less insulting terms, people tend to make up for a lack of knowledge about tech by inventing it as they need it. Thus, they assume their laptop comes with free wireless Internet, because it automatically connects to their neighbor's unsecured access point. So, the first steps of the conversation will be figuring out exactly what it is they think they have, and what they really do have, in terms of Internet access. It's not necessarily a fault on the part of the user that they don't know that they don't know where their Internet comes from (and that they're stealing it), but it makes for frustrating and amusing tech support calls.
So, when someone says "All laptops come with free Wireless Internet!" I say "Um..." not to be condescending, although the user may deserve it, but because I'm frantically trying to figure out where they could've gotten that impression, what kind of Internet they actually have, and how to best explain the issue without (heh) sounding too condescending, but also without making the issue too complex.
Now, your question made enough sense that I could respond to it directly and immediately, because your misconception was right there in the question/suggestion -- I didn't have to spend a minute figuring it out.
When I say "um" in that way, I'm in no way commenting on the relative intelligence of a question/comment. I'm just expressing how much work it's going to take before I can even get the question on familiar terms. Sometimes it implies that you're actually smarter than me, and you've used terminology I haven't heard yet -- and sometimes it means you're less knowledgeable than me, and you've invented terminology for things you don't really know about.
Don't thank God, thank a doctor!
Just curious...
Longer call setup time, I get. Latency, I don't, unless you assume the cell phones themselves are slow.
Don't thank God, thank a doctor!
Have the phone remember public keys, once a connection has been made.
Provide a means to exchange keys initially either by connecting with read-the-hash-verbally-over-the-line, or a physical way of linking them together. This would probably be better, as from what I've seen, people usually exchange cell phone numbers face-to-face, with one person typing it into their phone for storage.
Imagine: You plug two phones together, via USB or some new standard interface. Phones exchange phone numbers (or IP addresses) and public keys. All you have to enter now is the name of the person to file the number as in your address book.
It's now significantly easier to set up secure connections than it used to be to set up any connection, assuming the physical aspect is easy enough -- and people don't seem to have problems with their iPods, so how hard can this be? It's also more secure than reading over the phone, because if you're physically there, you have more than just voice to verify that this person is who you think they are.
And it took me maybe 10 mins, because I had to type it up.
By the way, I seriously doubt any group of cryptographers were involved, certainly not in the design phase. Looks like they just designed a phone and ripped off zFone's idea, so yes, given what I know about zFone, I could easily have designed a similar phone. And zFone wasn't designed for cell phones, it was designed to be universal, meaning it has to deal with non-portable computers with headsets, meaning it couldn't capitalize on how easy it is to get two cell phones physically close to each other.
But, zFone brings up an important question -- will these interoperate? They damn well better, or I'll stick to my PGP email.
Don't thank God, thank a doctor!
Diffie-Hellman key exchange is pathetically vulnerable to man in the middle attack. Most times, an assumption is made when using a protocol like DH for key exchange that getting "in the middle" would be hard for a malicious party. But when that malicious party is your ISP/Verizon/AT&T, you have absolutely NO protection. They will simply initiate DH key exchange with both you and your terrorist mom when you pick up your "secure phone" and call her. You, mom, and NSA are the only parties that will understand what is being said. It doesn't matter about 128 bits or 973262 bits or bugging the phone or listening over your shoulder. Bottom line: If you need to exchange your key over the network before you can trust that person then you are already pwned by your telco/ISP before you say another word.
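An added worked example (not code from the thread, from VectroTel or from Zfone) that ties together the "some points" post on per-call DH plus a KDF, the replies about the displayed hash being read aloud, and the carrier-in-the-middle objection above: it runs an honest DH call and a relayed one, derives the 128-bit session key from the master secret, and shows that the short authentication string each phone would display agrees in the honest case and disagrees when the carrier substitutes its own public values. The group parameters, the HMAC-based KDF and the hash-of-transcript construction are assumptions for illustration, not the vendor's design.

```python
"""Per-call DH + KDF + short authentication string (SAS) demo.
Constructed example; toy parameters, not a real phone's 1024-bit group."""
import hashlib
import hmac
import secrets

# Toy group for illustration only: P is the Mersenne prime 2**127 - 1.
# A real design would use a standard 1024-bit or larger MODP group.
P = (1 << 127) - 1
G = 3
SAS_DIGITS = 4  # how many hex digits the callers read to each other


def dh_public(priv: int) -> int:
    """g^priv mod p: the value that crosses the untrusted carrier network."""
    return pow(G, priv, P)


def dh_shared(priv: int, peer_pub: int) -> int:
    """peer_pub^priv mod p: the per-call master secret."""
    return pow(peer_pub, priv, P)


def session_key(shared: int) -> bytes:
    """KDF step (assumed: HMAC-SHA256 extract, not the vendor's KDF):
    master secret -> 128-bit symmetric session key, fresh for every call."""
    return hmac.new(shared.to_bytes(16, "big"), b"call-key",
                    hashlib.sha256).digest()[:16]


def sas_digest(caller_pub: int, callee_pub: int, shared: int) -> str:
    """Hash of the exchange as each side *saw* it: the public value it sent,
    the one it received, and the secret it computed.  A relay that swapped
    values cannot make both transcripts agree."""
    data = b"".join(x.to_bytes(16, "big") for x in (caller_pub, callee_pub, shared))
    return hashlib.sha256(data).hexdigest()


def sas_display(digest: str) -> str:
    """The short string the phone shows on its display."""
    return digest[:SAS_DIGITS].upper()


def sas_matches(call: dict) -> bool:
    """The check the two callers perform by reading the display aloud."""
    return sas_display(call["alice_sas"]) == sas_display(call["bob_sas"])


def honest_call(a_priv: int, b_priv: int) -> dict:
    """Alice calls Bob; the carrier only relays the public values."""
    a_pub, b_pub = dh_public(a_priv), dh_public(b_priv)
    a_shared = dh_shared(a_priv, b_pub)
    b_shared = dh_shared(b_priv, a_pub)
    return {
        "alice_key": session_key(a_shared),
        "bob_key": session_key(b_shared),
        "alice_sas": sas_digest(a_pub, b_pub, a_shared),
        "bob_sas": sas_digest(a_pub, b_pub, b_shared),
    }


def mitm_call(a_priv: int, b_priv: int, m1_priv: int, m2_priv: int) -> dict:
    """The carrier (Mallory) runs one DH exchange with Alice (m1) and a
    separate one with Bob (m2), decrypting and re-encrypting in between."""
    a_pub, b_pub = dh_public(a_priv), dh_public(b_priv)
    m1_pub, m2_pub = dh_public(m1_priv), dh_public(m2_priv)
    a_shared = dh_shared(a_priv, m1_pub)   # Alice believes m1_pub is Bob's
    b_shared = dh_shared(b_priv, m2_pub)   # Bob believes m2_pub is Alice's
    mallory_a = dh_shared(m1_priv, a_pub)  # equals a_shared
    mallory_b = dh_shared(m2_priv, b_pub)  # equals b_shared
    return {
        "alice_key": session_key(a_shared),
        "bob_key": session_key(b_shared),
        "mallory_reads_alice": session_key(mallory_a) == session_key(a_shared),
        "mallory_reads_bob": session_key(mallory_b) == session_key(b_shared),
        # each phone hashes the transcript it actually took part in
        "alice_sas": sas_digest(a_pub, m1_pub, a_shared),
        "bob_sas": sas_digest(m2_pub, b_pub, b_shared),
    }


def rand_priv() -> int:
    return 2 + secrets.randbelow(P - 3)


if __name__ == "__main__":
    good = honest_call(rand_priv(), rand_priv())
    print("honest: same key =", good["alice_key"] == good["bob_key"],
          "| SAS matches =", sas_matches(good))
    bad = mitm_call(rand_priv(), rand_priv(), rand_priv(), rand_priv())
    print("relayed: carrier has both keys =",
          bad["mallory_reads_alice"] and bad["mallory_reads_bob"],
          "| SAS matches =", sas_matches(bad))
    print("Alice's display:", sas_display(bad["alice_sas"]),
          " Bob's display:", sas_display(bad["bob_sas"]))
```

The comparison only helps if the callers actually read the string to each other and recognise each other's voice; a four-digit string also leaves a one-in-65536 chance that a substituted exchange happens to match, which is why real designs lengthen it or commit to keys across calls.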
Assuming that one could build a machine that could recover a DES key in a second, it would take that machine approximately 149 trillion years to crack a 128-bit AES key. ...assuming a classical computer. I don't pretend to know how they work but quantum computers are much faster at this kind of task. Given the progress the academic community is making, and the meme that the NSA is always 20 years ahead... just maybe.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Whoever has the job of listening to my phone calls has a worse job than I do and a worse life. The only thing worse than having issues is being forced to listen to someone else's issue that you can neither control, nor bring yourself to care about...g-men, are you listening? I'm going to the gas station to fill up my SUV, then I'm going to get milk on my way home...at which point I'll change my daughter's diaper, eat, and go to bed at 9:30...enjoy your job of listening to my laundry list. Listen closely, lest you miss the scorching details of my trip to Bed Bath & Beyond and maybe Home Depot if we have the time.
See also NAH6