Maybe It's Snake Oil All the Way Down

Eric Blossom eb at comsec.com
Tue Jun 3 18:50:37 EDT 2003


On Tue, Jun 03, 2003 at 06:17:12PM -0400, John Kelsey wrote:
> At 01:25 PM 6/3/03 -0700, Eric Blossom wrote:
> ...

> I agree end-to-end encryption is worthwhile if it's available, but even 
> when someone's calling my cellphone from a normal landline phone, I'd like 
> it if at least the over-the-air part of the call was encrypted.  That's a 
> much bigger vulnerability than someone tapping the call at the base station 
> or at the phone company.

GSM and CDMA phones come with the crypto enabled.  The crypto's good
enough to keep out your neighbor (unless he's one of us) but if you're
that paranoid, you should opt for the end-to-end solution.  The CDMA
stuff (IS-95) is pretty broken: *linear* crypto function, takes 1
second worst case to gather data sufficient to solve 42 equations in
42 unknowns, but again, what's your threat model?  Big brother and
company are going to get you at the base station...

At our house we've pretty much given up on wired phone lines.  We use
cell phones as our primary means of communication.  Turns out that
with the bundled roaming and long distance, it works out cheaper than
what we used to pay for long distance service.  There is that pesky
location transponder problem though.

> ...which will basically never be secured end-to-end if 
> this requires each of those people to buy a special new phone, or do some 
> tinkering with configuring secure phone software for their PDA.  "Hmmm, 
> which key size do I need?  Is 1024 bits long enough?  Why do I have to move 
> the mouse around, again, anyway?"

It doesn't have to be hard.  No requirement for PKI.  Just start with
an unauthenticated 2k-bit Diffie-Hellman and be done with it.

Eric

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
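
The "42 equations in 42 unknowns" remark above, as an added example that is not part of the original post: with a linear keystream generator every output bit is an XOR of initial-state bits, so 42 observed bits give a system that Gaussian elimination over GF(2) solves. The taps, output mask and demo state are constructed values for a generic 42-bit LFSR, not the IS-95 parameters.

```python
from functools import reduce

N = 42                                                  # 42 unknown state bits
TAPS = (1 << 41) | (1 << 40) | (1 << 19) | (1 << 18)    # constructed feedback taps
MASK = 0x2A5F0C3B791                                    # constructed 42-bit output mask

def parity(x):
    return bin(x).count("1") & 1
def step(state):                        # one clock: shift in the XOR of the tap bits
    return ((state << 1) | parity(state & TAPS)) % (1 << N)

def keystream(state, n):
    """n output bits; each is the XOR of the state bits selected by MASK."""
    out = []
    for _ in range(n):
        out.append(parity(state & MASK))
        state = step(state)
    return out

def combine(sym, sel):                  # XOR of the sym entries picked by bitmask sel
    return reduce(lambda a, i: a ^ sym[i] if (sel >> i) & 1 else a, range(N), 0)

def equations(n):
    """Row t = the set of initial-state bits whose XOR equals output bit t."""
    sym = [1 << i for i in range(N)]    # state bit i starts out as unknown x_i
    rows = []
    for _ in range(n):
        rows.append(combine(sym, MASK))
        sym = [combine(sym, TAPS)] + sym[:-1]   # same shift as step(), symbolically
    return rows

def recover_state(observed):
    """Gauss-Jordan over GF(2) on the observed bits; free variables are set to 0."""
    eqs = [(r << 1) | b for r, b in zip(equations(len(observed)), observed)]
    pivots = []
    for col in range(N):
        bit = 1 << (col + 1)            # bit 0 of each equation holds its right-hand side
        p = next((e for e in eqs if e & bit), None)
        if p is None:
            continue
        eqs.remove(p)
        eqs = [e ^ p if e & bit else e for e in eqs]
        pivots = [(c, e ^ p if e & bit else e) for c, e in pivots] + [(col, p)]
    return sum((e & 1) << c for c, e in pivots)

if __name__ == "__main__":
    ks = keystream(0x1B2C3D4E5F6, N + 100)      # constructed demo state
    guess = recover_state(ks[:N])               # only the first 42 output bits are used
    print("later keystream predicted:", keystream(guess, N + 100) == ks)
```

Any state consistent with the first 42 bits reproduces every later bit as well, because later equations are linear combinations of the first 42; a nonlinear generator does not reduce to a system like this.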


