Slashdot Mirror
Company Makes Inconspicuous Secure Cellphone
dponce80 writes "With concerns over privacy at an all-time high, it's refreshing to hear that Swiss company VectroTel is making a secure mobile phone. The X8 encrypts secure calls (the unit is also able to make regular calls) with a virtually unbreakable 128-bit key, itself generated through a Diffie-Hellman exchange. While transmission does get somewhat delayed, communication is secure."
Does this mean that Government agencies cannot listen to our oh-so-important phone calls? Typical. Millions if not billions of our tax money wasted if this technology becomes widely adopted.
Swedish plasma phys. PhD student; MSc EE; knows maths, programming, electronics; finance interest; seeks opportunities
So label me.
I'm willing to defend my freedom to death. If necessary, against my government.
And I bet, the US founding fathers would be proud of me.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Just in case you didn't RTFA, the phone displays a hash on the display. As long as you read this one to whoever you're talking to, you more-or-less foil a man-in-the-middle attack.
I'm more worried about the proprietry algorithm for the encryption, and how it's implemented. Any conspiracy theorists will still think there's a back door for the government (or swiss secret service?) to listen in.
Anyone with anything really important to say would use GPG on an MP3 and maybe a lashing of stenography on top.
Cryptophone is a company that has been making phones like this for some time already.
They employ some of the smartest crypto people, use well-known algorithms and publish their sources so you can check them yourself.
Reading the comments made me cringe, so here goes....
Some points;
- 128 bit keys are probably good enough, depending on the nature of the conversation. Diffiehellman generates a per-session master secret. To this you would then apply a KDF ( Key Derivation Function ) in order to produce your session key for use with your symmetric cipher, most likely AES or 3DES, maybe even TwoFish. A new master secret is generated every time you make a call, hence the session key changes per call, this is UNLIKE your WEP key, which is constant or one value selected from a set. The consequence of this is that although it is practical to break an 128 bit symmetric key, it is NOT practical to do so in the time interval in which the call is taking place. Hence the encryption applied is strong enough for protecting calls in the short term, although if someone captured the call they could possibly decrypt it at a later date.
- GSM does feature limited cryptography. Unfortunately, and rather amusingly this encrypting is only carried out on radio traffic. Once the data reaches the base station / cell, it is sent in the clear around the cable cellular netork's backbone infrastructure.
Verizon Guy: Can you hear me now?
NSA analyst: No
**Life is too short to be serious**
A Swedsh company called Sectra has made secure cellphones for years. Their latest model is the only cellphone certified to the security level NATO SECRET by NATO.
t ion/sectra/
http://www.army-technology.com/contractors/naviga
Martin