[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Active Eavesdropping of Clipper Phones



There are a variety of ways around  Diffie-Hellman spoofing.
The current STU-III phones from AT&T, Motorola, etc., use several
approaches - there's the Crypto Igniter Key dongles that you need
to authorize your phone, which provides one form of out-of-band
authentication (partly authentication of the DH keys, but more important
is authentication that the person at the other end is probably cleared
for the level of classification you're running the call at);
there's also an LCD display on the phone that shows the other person's
DH half-key, so you can do voice verification if you want.
They may do other stuff as well.

Scott Collins mentioned the "digital signature on RSA keys",
which the Capstone phones probably do even though Clipperphones 
probably won't.  There are also tricks about sending half the key
at a time, though they're apparently still hackable.

	Bill