[Cryptography] The crypto behind the blackphone

Jon Callas jon at callas.org
Mon Jan 27 16:10:18 EST 2014 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Yes they can.
> 
> I have no direct knowledge of the specs other than brief hints from Jon. But it is pretty clear that this phone is going to offer application layer encryption like the silent circle products do.
> 
> The big difference is that on this phone you can compile the code from source and be sure there is no backdoor. Which is not really possible on the iPhone version (though I guess someone could compile the source and check that the deployed app matches if they provide source for that.)
> 
> There are some attacks that no application layer scheme can protect you against. In particular, traffic analysis and metadata can't be fully controlled, particularly for a system with a low user volume. Say there are a million users of the phone and a thousand calls in progress at a time. if the Feds are watching two people and one dials and the other picks up at that very moment, they have a data point. If they do it a second time then they have two data points. Three data points are enough to put the match beyond reasonable doubt.
> 
> This is the attack that caught the jackass who tried to avoid a finals exam with a bomb threat at Harvard last term. The police found that only five people were using Tor on campus at the time. Now if the guy had been at MIT...
> 
> I am pretty certain Jon and co have the confidentiality pretty well locked down so that is an advance.

Thank you, very much for the vote of confidence.

But still, I've never said "safe." I've said security-enhanced, and lots of things like that, which are all true, but I'd never say safe -- because I know about the dangers of compromised hardware.

Reporters have to make a living, too, and many of them have written hyperbolic headlines. Well, okay, usually, it's the *editor* who puts the hyperbolic headline on the well-written story.

My truest personal goal for Blackphone is read an Android hardening guide sometime in the future that will give a list of the things you should do to lock down your Android phone, and at the end it will say, "Or you could just buy a Blackphone." I want it to come out of the box the way that serious people like us on this list would want it.

It will also have a set of software and services that people like us would like to have, which is part of the hardening, in my opinion.

It would be very nice to achieve that goal with a V1.0 product, but it would be hubris to suggest that that's going to happen.

(Also -- should there be some ad, web thing, or other communications from Blackphone that says something like it's "safe," mail me off list. I'll get it fixed. That's just another form of software and software comes with bugs, especially in its early days.)

	Jon



-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 3.2.0 (Build 1672)
Charset: iso-8859-2

wj8DBQFS5stBsTedWZOD3gYRAivKAKDKEHYgP990ysIV7niNo38sQOjG2gCg4LYT
3iTZ8vEFRLWa3V1wFfopIWk=
=9AOn
-----END PGP SIGNATURE-----

More information about the cryptography mailing list