[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: GSM crypto upgrade? (was Re: Newt's phone calls)
Bill Frantz <[email protected]> writes:
> At 4:39 AM -0800 1/16/97, Adam Back wrote:
> >- PIN for phone's RSA signature keys
>
> It is not clear you need signatures in the secure phone case. Eric
> Blossom's 3DES uses straight DH for key exchange with verbal verification
> that both ends are using the same key.
How does Eric's box display the negotiated key to the user? (I don't
recall the pair I saw having displays).
> As long as the man in the middle can't imitate a familiar voice,
> this procedure is reasonably secure.
This is the approach taken by PGPfone also. If the value of the
conversations was high (>$100,000?) passable voice imitation wouldn't
be that hard I suspect.
Also I thought it would be kind of cute if there were some way for
phones to exchange their signature keys `face to face' as well.
> I agree that signatures of some kind are needed to identify the phone to
> the cell company to prevent an all too familiar technique of stealing phone
> service. But this protection would not be a 3rd party cell phone upgrade.
It's about time something was done about that problem.
Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`