[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GSM crypto upgrade? (was Re: Newt's phone calls)

To: [email protected]
Subject: Re: GSM crypto upgrade? (was Re: Newt's phone calls)
From: Eric Blossom <[email protected]>
Date: Tue, 28 Jan 1997 11:38:41 -0800
Cc: [email protected], [email protected]
Sender: [email protected]

>> It is not clear you need signatures in the secure phone case.  Eric
>> Blossom's 3DES uses straight DH for key exchange with verbal verification
>> that both ends are using the same key.  
>
>How does Eric's box display the negotiated key to the user?  (I don't
>recall the pair I saw having displays).

Latest versions have an LCD display that reports the type of crypto
being used (3DES), as well as 24 bits worth of SHA-1 of the public
exponentials exchanged.  Alice sends g^x mod p, Bob sends g^y mod p.
Let m = min(g^x mod p, g^y mod p) and n = max(g^x mod p, g^y mod p).
compute v = SHA (concat (OCTET_REP (m), OCTET_REP (n))).  Display the
high 24 bits of v.

>Also I thought it would be kind of cute if there were some way for
>phones to exchange their signature keys `face to face' as well.

Currently, absent some kind of widely deployed public key
infrastructure, there are no signature keys used.  This also means
that the units do *not* contain any long term secrets, just the
session key which is destroyed at the end of the call.

Eric

Prev by Date: .hlp creation
Next by Date: Where's reference? (was:RE: [DES] DES Key Recovery Project, Progress Report #7)
Prev by thread: Re: GSM crypto upgrade? (was Re: Newt's phone calls)
Next by thread: [CRYPTO] One-time pads
Index(es):
- Date
- Thread