[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Crypto not being used where needed



h
There are two different problems with eavesdropping cellular calls:
- trying to find a *specific* person's calls
- trying to find any interesting call.
The former is still hard, but if unencrypted cellular credit-auth
boxes become widespread, all you'll have to do is set your scanner to
listen for 1200-baud tones and match for patterns that look like
credit-card requests, since you don't really mind *who* you rip off.
This is not good.  One way around it is to use public-key crypto;
however, simple symmetric-key crypto with different keys per vendor
should be adequate, and the paper-trail for setting up credit-card service
gives you a key distribution mechanism.