Re: GSM crypto upgrade? (was Re: Newt's phone calls)

Bill Frantz <[email protected]> writes:
> At 4:39 AM -0800 1/16/97, Adam Back wrote:
> >- PIN for phone's RSA signature keys
> 
> It is not clear you need signatures in the secure phone case.  Eric
> Blossom's 3DES uses straight DH for key exchange with verbal verification
> that both ends are using the same key.  

How does Eric's box display the negotiated key to the user?  (I don't
recall the pair I saw having displays).

> As long as the man in the middle can't imitate a familiar voice,
> this procedure is reasonably secure.

This is the approach taken by PGPfone also.  If the value of the
conversations was high (>$100,000?) passable voice imitation wouldn't
be that hard I suspect.

Also I thought it would be kind of cute if there were some way for
phones to exchange their signature keys `face to face' as well.

> I agree that signatures of some kind are needed to identify the phone to
> the cell company to prevent an all too familiar technique of stealing phone
> service.  But this protection would not be a 3rd party cell phone upgrade.

It's about time something was done about that problem.

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
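
[Added example, not part of the original message and not code from Eric Blossom's device or PGPfone: a sketch of unauthenticated DH followed by a short check string that both parties read aloud, showing that the strings match on a direct call and differ when an interceptor substitutes its own public value. The group parameters, the `check_string` format and all function names are assumptions made for this illustration.]

```python
import hashlib
import secrets

# Toy group for the demonstration only (assumption of this example):
# 2**521 - 1 is prime, but it is not a vetted Diffie-Hellman group.
P = 2**521 - 1
G = 3

def keypair():
    """Return (private exponent, public value G^priv mod P)."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared_key(priv, peer_pub):
    """Hash the raw DH secret down to a 256-bit session key."""
    secret = pow(peer_pub, priv, P)
    return hashlib.sha256(secret.to_bytes(66, "big")).digest()

def check_string(key, digits=6):
    """Short decimal string derived from the key, to be read aloud (hypothetical format)."""
    tag = hashlib.sha256(b"verbal-check" + key).digest()
    return f"{int.from_bytes(tag[:8], 'big') % 10**digits:0{digits}d}"

def direct_call():
    """Both phones see each other's real public value: keys agree."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    return shared_key(a_priv, b_pub), shared_key(b_priv, a_pub)

def intercepted_call():
    """An interceptor replaces each public value in transit with its own.

    Each phone then shares a different key with the interceptor, so the
    strings the two humans read to each other no longer match.
    """
    a_priv, _a_pub = keypair()
    b_priv, _b_pub = keypair()
    _m_priv, m_pub = keypair()
    return shared_key(a_priv, m_pub), shared_key(b_priv, m_pub)

if __name__ == "__main__":
    for name, call in (("direct", direct_call), ("intercepted", intercepted_call)):
        ka, kb = call()
        print(f"{name:12s} A reads {check_string(ka)}  B reads {check_string(kb)}")
```

The comparison only authenticates the key if the listener can trust the voice reading the string, which is the limitation raised in the message above.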