Secure phones from VectroTel?
George Danezis
george.danezis at esat.kuleuven.be
Tue May 23 12:51:36 EDT 2006
Hi all!
> The devices apparently use D-H key exchange to produce a 128 bit AES
> key which is then used as a stream cipher (presumably in OFB or a
> similar mode). Authentication appears to be via a 4 digit pin,
> certainly not the best of mechanisms.
The 4-digit PIN should not automatically be dismissed as a bad idea. The
device *could* be performing a DH-based protocol to bootstrap a strong
secret from a weak PIN.
A secure example of such a protocol (there are many more):
Stefan Lucks, Rüdiger Weis: How to turn a PIN into an Iron Beam. 385-396
(In Dimitris Gritzalis, Sabrina De Capitani di Vimercati, Pierangela
Samarati, Sokratis K. Katsikas (Eds.): Security and Privacy in the Age
of Uncertainty, IFIP TC11 18th International Conference on Information
Security (SEC2003), May 26-28, 2003, Athens, Greece. IFIP Conference
Proceedings 250 Kluwer 2003, ISBN 1-4020-7449-2)
And a simpler one:
Michael Roe, Bruce Christianson, David Wheeler.
Secure sessions from weak secrets
www.cl.cam.ac.uk/TechReports/UCAM-CL-TR-445.pdf
Of course I have no idea if this is the technology used.
George
---------------------------------------------------------------------
The Cryptography Mailing List
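An added illustration of the idea raised in this message (not part of the original post, and not the protocol from either cited paper): a SPAKE2-style exchange in which the 4-digit PIN blinds each Diffie-Hellman share, so both sides reach the same strong key only if their PINs match. The toy group, the constants M and N, and all function and class names are assumptions made for this demo.

```python
import hashlib
import secrets

# Toy parameters (assumption): 2**127 - 1 is prime but far too small for real
# use, and Z_p^* is not a prime-order group. Use a standard group in practice.
P = 2**127 - 1
G = 3

def _h(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts, so field boundaries are unambiguous."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()

def _to_elem(label: bytes) -> int:
    # Blinding constants come from a hash, so nobody chose their discrete log.
    return int.from_bytes(_h(b"const", label), "big") % (P - 2) + 2

M, N = _to_elem(b"M"), _to_elem(b"N")

def pin_scalar(pin: str) -> int:
    """Map the low-entropy PIN to an exponent w."""
    return int.from_bytes(_h(b"pin", pin.encode()), "big") % (P - 1)

class Party:
    def __init__(self, pin: str, mine: int, theirs: int):
        self.w, self.theirs = pin_scalar(pin), theirs
        self.x = secrets.randbelow(P - 2) + 1            # fresh ephemeral secret
        # The DH share g^x is hidden under mine^w; only this value is sent.
        self.msg = pow(G, self.x, P) * pow(mine, self.w, P) % P

    def finish(self, peer_msg: int, transcript: bytes) -> bytes:
        # Strip the peer's blinding with our own PIN, then finish the DH.
        unblind = pow(pow(self.theirs, self.w, P), P - 2, P)
        shared = pow(peer_msg * unblind % P, self.x, P)
        return _h(b"key", transcript, shared.to_bytes(16, "big"),
                  self.w.to_bytes(16, "big"))

def run(pin_a: str, pin_b: str):
    """One protocol run; returns the session key each side derives."""
    a, b = Party(pin_a, M, N), Party(pin_b, N, M)
    transcript = a.msg.to_bytes(16, "big") + b.msg.to_bytes(16, "big")
    return a.finish(b.msg, transcript), b.finish(a.msg, transcript)
```

A deployed design would follow this with a key-confirmation step, so a PIN mismatch is detected and each failed run costs a guesser one online attempt.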