[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Secure comm program, Sockets + LINK



> > How do STU-III phones work then?  Do they have some key in rom?

I don't remember the details (and if I did I'd have to kill you :-),
but they use a little plastic key-shaped dongle that's got some memory in it,
probably EEPROM, which contains keying information.  
Each key works in only a few phones, and each phone only supports a few keys.
The keying information tells it what level of classification the 
phone is authorized for when the key is in it, and phone calls
negotiate that when they set up.  If the phone decides it doesn't like something,
it's able to zero out the key's memory.

> I dunno enough about STU-III phones. Maybe they don't care about man
> in the middle, or maybe they use fixed conventional of some sort for
> authentication. I have a vague memory of someone telling me that some
> of them have code keys.

When you're making a TOP SECRET phone call, you *do* care about man 
in the middle, just as you care about being in a soundproofed room.
The session key exchange is done with Diffie-Hellman with authentication;
I'm not sure if the authentication uses public-key or secret-key technology,
but my guess is it's basic secret-key stuff.  The military version of the phone 
uses classified secret-key algorithms, so presumably the key handling does too.

				Bill