Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Encryption Security

German Crypto Mobile Announced 112

XMLGuy writes "The first German crypto mobile phone is to be built by Rohde and Schwarz - a company that took over the hardware-crypto segment of Siemens at the beginning of May this year. At the push of a button the mobile phone (they are called "handies" here in Germany) will set up an encrypted communications link with your communications partner. According to heise online, the mobiles then use a 128 bit key to encrypt the channel. One of the technicians is quoted as saying that "A thousand pentium computers would need over 10 years to decrypt a 10 minute phone-call". The mobiles will cost around 6000 German Marks. " You know where the the fish is for translation.
This discussion has been archived. No new comments can be posted.

German Crypto Mobile Announced

Comments Filter:
  • by Anonymous Coward
    128 bits is in my opinion much harder to crack then what is said here. I seriously doubt that 1000 Pentium (even 1.7Gz) could crack a 128 bits encryption in 10 years. I think it was just a way to say that their encryption is strong to the public.

    Take a look at the RC5-64 challenge. The key is "only" 64 bits. According to www.distributed.net [distributed.net], the computing power on RC5 is about 160000 PII 266Mhz working 24/7. d.net RC5-64 effort has been running since 1997 and it has not yet exhausted 50% of the keyspace. 128 bits encryption would be 2**64 times harder than RC5-64. That's a lot more!

    This is why I believe 128 bit encryption is not crackable with today's technology. We would need a serious breakthrough in computer technology to crack 128 bits. 128 bits encryption might be secure for a couple of centuries even taking into account Moore's law.

    Don't underestimate the power of numbers.

  • by Anonymous Coward
    Alas, what you have just described is a flooding route algorithm...these tend to be hideously inneficient... Plus, How would you call from the US to Europe? While this does have some potential for very small networks, it would be unworkable for any decent network, and with a small network your range would be extremely limited. But, now for the real killer..... Think if you you have 1000 people with this phone, and they all stand eqidistant from each other inside of a large circle, then the circle is rougly 35 people across. So that means that your HTL already needs to be at least 35, and that is the optimimum case! Realistically it would have to be at least double that! Plus, using the same optimal confguration, we can see that the traffic density near the centre is quite high. If the distribution was more belt like, those mobiles in the middle really need to receive and pump out a _lot_ of data... It is a nice idea, but try a few simulations of a) flood routing b) traffic flow (even assuming perfect routing) and you will see why this is not so great.... Paul
  • Donning my "crypto expert" hat for Slashdot once again...

    I find it very hard to believe that anyone implementing a new system would build something that it was so practical to break. In general, it's not much harder to build a cryptosystem requiring all of the world's computing resources for millenia. Either they had some *very* funny tradeoffs to make, or they've seriously screwed up, and employed people with no clue about modern crypto engineering, or that quote came from someone who did not appreciate the real strength of the cryptographic components used.
    --
  • > I was always led to believe that the US had more freedom than any other country in the world.

    Yes, I'm sure you were. However, who by ? what country did you hear this in ? The USA doesn't need government sponsored propoganda, they have something much more powerful - profit sponsored propoganda. Any mainstream newspaper or television program that tried to criticise America would lose audience fast. It would be "un-American" of them, and besides Americans all know that the USA is the best country in the world, so they would not just piss people off, they would lose respect because people wouldn't believe it anyway.

    There is a vicious circle at work here. The main reason that Americans are so incredibly patriotic is that throughout their lives almost everything they hear reinforces the notion that America is the best (richest, most free, most tolerant, etc) country on earth, so why shouldn't they be proud of that. However, since the majority believes this completely, it would be very unwise for a publication that wishes to be bought, or a show that wants to be watched, to say anything that reflects badly on America [as compared to other countries]. The media can happily complain about things like crime, drugs, morality, etc but these are internal issues, and if any comparison is offered it will generally be with the past rather than with foreign countries. It just won't get mentioned.

    Foreign news is virtually never mentioned on US television unless it's in such a way as to reflect well upon America. For example, you'll get a story like - "American troops fly into East Timor to protect the natives from gangs of thugs." The earlier story: "US trained and funded death squads kill 1/3rd of population of East Timor to supress an independence movement that could damage the interests of US oil companies in nearby waters" is much less likely to make people feel good about themselves, happy with your publication, and likely to read you again. This phenomena is not unique to US by any means, it's just rather more pronounced there than other places I've stayed.

    IMO America is a good country in many respects, but general knowledge about the state of the world outside the US is not it's strong point.
  • Even if it is DES, there is no backdoor. There is no known "better than bruteforce way" of cracking DES. What EFF and d.net did was simply design systems to exhaust the keyspace (bruteforce) of DES in a shorter about of time. In particular EFF (who did about half of the keys done on d.net in the last DES challenge) designed a system that was specifically optimized at the hardware level for trying DES keys as fast as possible.

    I'm not suggesting that we should all run out and use DES for serious security, but please don't spread the misinformation that it has a backdoor.

  • Sold to US Defense Department and NATO as well if you check out the pressreleases [sectra.se].
  • by bodin ( 2097 ) on Wednesday May 30, 2001 @08:56PM (#187622) Homepage

    Sectra in Sweden has been selling crypto GSM phones for a very long time.

    http://www.sectra.se/ [sectra.se]

    Check out their "Tiger-phone" [sectra.se] which is a combo GSM/DECT phone with built in crypto.

    Sold to the Swedish military.

  • Quite some time ago I was excited to hear about Starium [starium.com], a company founded by some folks with much crypto-cred (cypherpunk Eric Blossom, father of public-key crypto Whitfield Diffie) to provide voice encryption products. They claim to be working on an add-on unit [starium.com] (pdf flyer [starium.com]) for regular analog phones as well as licensing their encryption for inclusion in digital phones.

    This almost two-year-old Wired article [wired.com] says they were planning to release "sub-US$100 telephone scrambling devices" by "early-2000."

    Anyone know what's taking so long?

    -Jeff, www.scrollbar.com [scrollbar.com]

  • It seems to me that this is a situation where open standards/open source is important.

    What happens if your $3k phone turns out to have a weakness in it? A crummy pseudo-random number generator or a more mundane bug? Or what happens when your neighbor buys a doohickey that plugs into a visor or a WinCE box that gives him the same functionality for $150? How do you know you can trust the chip?

  • This would be great to have in the states, but do they provide a method to change the software on the phones.. and provide the source to the software? I really wouldn't trust anything like this without know that I would be safe from backdoors!

    Can we really trust a company to Do The Right ThingTM? Sure, even with a backdoor.. this will keep you from being spied on by your kid sister, but what about Big Brother?

    We must demand that our devices using encryption MUST be open enough that we can verify our freedom.
  • I've been told that Qualcomm was thinking about including encryption in the CDMA mobile phone standard. Under heavy pressure from the U.S. Government, the encryption algorithm was changed to XORing a static bit pattern with each frame of data. Needless to say, this is trivial to crack.
  • Yeah, but if they're going to go to the trouble to listen in on your phone calls, why not the oldschool way of getting a high gain directional microphone, if your phone calls are that goddamn important, a shady black van is probably following you. Even more so, 'Big Brother' could just put listening devices into the phones before they get shipped out, and who really uses Cell Phones for secure communication?

    ---
  • by Mr. Flibble ( 12943 ) on Wednesday May 30, 2001 @09:36PM (#187628) Homepage
    the mobiles then use a 128 bit key to encrypt the channel. One of the technicians is quoted as saying that "A thousand pentium computers would need over 10 years to decrypt a 10 minute phone-call

    As outlined in Cracking DES [oreilly.com], an algorithm can take years to crack using a conventional computer. However, if you custom design a computer from the ground up (not as difficult as it might sound) to specifically attack the algorithm, the encryption can fall quite quickly, as it does with DES. *

    I think that encryption should be evaluated on the strength of the algorithm, not on how many brute force attacks it would take to defeat it. (This is what is mentioned by Schneier in Applied Cryptography [counterpane.com].)

    * For those of you who doubt this, read the book.
  • There is nothing new in this product. Crypto cellphones have been available since cellphones were available. For an other exemple:

    EADS-DSN [eads-dsn.com]

  • [We fade in on the Crypto Cave, where our heroes Hellman and his faithful sidekick Diffie are relaxing after a strenuous workout. Suddenly, an alarm sounds!]

    Diffie: Holey encryption algorithms, Hellman! It's the Encrypted Signal!

    Hellman: Indeed. The RIAA must be up to its old tricks. Quickly, Diffie--to the German Crypto Mobile!

    Diffie: Atomic random key generators to power . . . one-time pad to speed . . .
    --


  • The data streaming between the phones and towers of a GSM network is already encrypted with one of two algorithms, A5/1 and A5/2. A5/1, the "stronger" variant, is in use in virtually every GSM network currently operating.


    Yup, the data is encrypted between the towers and the phone.
    But not between the towers and the switch!!
    So, it is very easy for any government agency to listen in on a conversation.
    Because there is no encryption between the tower and the central switch!!


  • On any hardware device, especially one with analog circuits (like a cell phone) there can be plenty of sources of randomness: background static in the microphone, fluctuations of the RF signal. It should be quite easy to seed a random number generator from these sources. Even if the random number generator is known, it is not always possible to even remotely guess at what the next numbers will be without knowing the seed and internal state.


    An analogue cellphone?
    Do they still make them?
    In Europe, Asia and Afrika we all use digital cellphones.
    This is called GSM.
    And this system already uses encryption.
    Between the phone and the tower...
  • > or- Distributed mobile phones.
    >
    > An Idea that I've been kicking around in
    > my head for a while is the concept of a
    > distributed mobile phone. Each Phone acts
    > as a transmitter for your call, and a
    > forwarder for other calls.
    > Thus, as the number of phones sold
    > increases, so does the total range of
    > the system

    Actually, the specifications for 3G phones do
    have something like this as a capability.
    However, I can't quite see this one flying as
    the general basis for a network - I mean, do
    you really want your battery power to be used
    up forwarding other people's phone
    conversations?
  • GSM Cell phones are already encrypted (although weakly) - and it's a worldwide standard, with hundreds of millions of users. Eavesdropping on that is a bit harder than casual scanning.

    But you're right, even weakly obfuscating something stopps atleast 95% of all attackers. Not everything needs to have military grade encryption..

    -henrik

  • I'm sorry, you misunderstood me. I meant backdoor in the sense that it (the phone) doesnt live up to it's claim of "128bit security". I also never claimed DES has a backdoor, only that this phone has one. (it was merely my own speculation that it might use DES)

    But you're right. There's no publically known way of breaking DES that is better than bruteforce. Then again, with a 56bit keyspace it doesnt matter, because searching through 2^56 keys is practical. (TrippleDES is probably secure though, with a 112bit keyspace)

    But then again, a pissing contest over keylengths is irrelevant. There are better ways of cracking encryption.

    -henrik

  • by abelsson ( 21706 ) on Wednesday May 30, 2001 @10:17PM (#187636) Homepage
    Quote 1:...use[s] a 128 bit key to encrypt the channel.
    Quote 2: ...A thousand pentium computers would need over 10 years to decrypt a 10 minute phone-call.

    1) A 128 bit string has roughly 10^38 possible combinations (keys)
    2) Assuming a pentium chip can perform 1 million decryptions per second of the algorithm 1000 pentiums working for 10 years would try roughly 10^17 keys - which is equivalent with a 58 bit real key length. (suspiciosly similar to DESes 56bit, maybe they use DES with some custom key magic to be able print "128bit keys" on the box)

    This means there's a better than bruteforce way of cracking the algorithm used and this phone probably shouldnt be used for anything important (as we all know, des can be cracked in hours by d.net, probably in minutes or seconds by intelligence agencies)

    Also, even if it isnt DES.10000 pentiums (1yr) - or more likely, a custom chip (much less), is not outside the reach of intelligence agencies or even large companies.

    -henrik

  • By using tried and trusted techniques:

    http://www.ii.uib.no/~larsr/craptology/crv0n1-2. ht ml

    This is a good read on the subject :-)
  • It's still transmitted in an analogue fasion. Using normal radio tech. (Well not really "normal" but it's not magic. ;-)
  • Besides, telephone batteries would last muc shorter. Many telephones have a much larger standby time than speaking time. This is because during calls much more transmissions take place and thus more energy is used, than during standby, at which time there's only some polling the 'server'

    When you do routing, esp in the center of the population, the maximum amount of energy would be used all the time. Thus, a 50 hr telephone would only last about 1/2 an hour. That's just not acceptable.

    ----------------------------------------------

  • Any decent 128bit encryption would require a 1000 pentiums to work for... oh say.. the lifetime of the planet earth (at which point the power would fail). If it only takes 10 years then that smacks of weakened security mandated by the government.

    From the article it almost sounds like they are using frequency hopping with a 128bit random function. I'm not sure but that might be legal in more countries because the data is not actually encrypted or decrypted - just the frequency path followed.
  • by harmonica ( 29841 ) on Wednesday May 30, 2001 @08:27PM (#187641)
    I don't want to translate all of it, just some interesting parts:
    • cellphone looks like a Siemens S35i
    • it's not made by Siemens but a smaller enterprise that was created from one of Siemens' departments
    • unencrypted calls work just like with normal cellphones
    • for encrypted calls, the user presses a special key and then enters the number; a GSM-like data channel [I don't know whether there might be a better translation] is opened and data encrypted by a stamp-sized chip is transferred
    • the encrypted connection only works if the other person has a matching cellphone or an ISDN telephone with a corresponding encryption device
    • in some countries, the use of such a cellphone is forbidden
    • price is DM 6000, which is about USD 3000
    • German secretary of the interior Otto Schily got one for free
  • Your idea isn't new. A german inventor had something like that worked out about five years ago, they are finally through the patenting process and are starting to produce actual hardware. Check out www.dirc.net [dirc.net]. Unfortunately the original idea "user buys equipment once, no further costs" has been dropped in the process. Now the business model is more along the lines of "provider buys lots of them and rents them out to consumers". But still pretty cool tech.
  • If it 'only' takes a thousand Pentiums (Pentium 133? Pentium 1GHz?) around ten years to crack their 128-bit algorithm, it's one lousy algorithm that doesn't use all 128-bits of entropy.

    A custom hardware design is very effective compared to a conventional attack (as aptly demonstrated by EFF and distributed.net [distributed.net] in the RSA DES contests). However, it doesn't matter how fast your chip is if you use long enough keys (and >=128-bit keys are long enough). Try to do the math: even if testing a huge 10^12 keys per second (or more) it will take a long time to bruteforce a 128-bit key.

    Basically all algorithms used today are 'strong', or rather, believed to be strong. This includes DES, Blowfish, RC4, RC5, IDEA, CAST etc. This means that it is only their key length that decides how hard it is to crack. Viewed in this light DES' 56-bit isn't enough. RC4 used with a small 40-bit or 56-bit is also vulnerable. Even so, the DES and RC4 algorithms themselves are strong. This is why it is feasible to bruteforce DES with a custom VLSI chip design: the key is simply to short. Doing a bruteforce on a strong 128-bit algorithm is futile whether doing a hardware or software-based attack.

  • Zu dem Cryptomobile!

    (Sorry if I botched the German; it's been years.)

    ----
  • if a node is missing, it will hop around, looking to get back ont he chain, or, to get back to phone A)

    Does this sound like a viable phone model?


    Sounds dodgy to me. Every time you lose part of the route you're probably going to take a noticeable amount of time to reestablish it. If your phone or any other on the route is in a fast moving vehicle this is going to make the conversation break up completely.
  • What bothers me most is that one day the US just decides its ok to export encyrption now. Why? Because the hell with a thousand pentium computers, they probably have quantum super computers hidden deep in Area 51 by now. :)

    But think about it. What does going out of your way as a consumer to buy 128-bit encryption do? NSA and other snooping agencies in the world have a problem. Soo many communications going on, every teenager has a cell phone now adays yakin about who knows what. But if you go out of your way to encrypt your conversation, then in my opinion you FLAG yourself as worthy of some super-brute force snooping action.

    Now if EVERYONE had the simple luxury of one push of a button crypto, then awesome. You'd be hiding out in the open again. But I bet they pay particular interest to the first bunch to run up and grab these phones.

    Ohh Yes, can I buy a bullseye for my head too!

    Just remember, the government likes to have about a decade or two of advance technology above and beyond what the consumers have access to. They like that buffer zone of protection, so if they are ok with encryption now.. be afraid, be VERY afraid of the new toys they probably just developed.

    There was a time the whole world didn't even have billions of dollars, now we have a country that commands trillions and only recently decided they have SOO MUCH, that they are now actually willing to give 1.35 trillion BACK to people, Woah.. they must REALLY be hiding something.

    -Matthew

  • So if I had a really funky G3 phone that could pull decent bandwidth, I could do voice over IP and run it through an encrypted PPP and be able to talk to other phones even if they weren't of the same brand? As a bonus, the encryption would be in software rather than on a chip.

    And a bans on software implementations would a lot harder to enforce.

    Xix.
  • by account_deleted ( 4530225 ) on Wednesday May 30, 2001 @10:56PM (#187648)
    Comment removed based on user account deletion
  • Siemens of Crypto AG fame. I doubt if there are any secret NSA backdoors [mediafilter.org]
  • With the amount of processing power being put on phones these days (to play games, MP3s and PDA functions mostly), it won't be entirely unfeasible to implement an encrypted IP-based phone/data system tunneled inside the standard one using the OS on the phone itself to run the encryption/decryption functions. Anyone got Linux running on a cellphone yet?
  • Clearly this was just made up without thinking about it at all. Let's work backwards starting with the idea of brute-forcing a 128-bit key and see what we get:

    2^128 keys, divided by 1000 machines, divided by 315576000 seconds in 10 years, gives right around 10^27, or 0.5*10^27 trial encryptions on average. So these 1000 machines would have to do 0.5*10^27 trial encryptions per second in order to break a 128 bit key. Assuming a 20-cycle/encryption machine, that means that you'd need a 10^28 Hz machine for each of these. That's a 10 Giga-Giga-Giga Hz machine (there's probably another name for it).

    So assuming that the encryption scheme is sound (requiring brute force for attacks), this is a lot more secure than they're suggesting here...

  • I was always led to believe that the US had more freedom than any other country in the world. What are the chances that this encrypted phone technology will be allowed in the US without some backdoor for the government to snoop in?

    I mean we can't let people hide things from the government, can we? What with national security, organized crime, the war on drugs and all the usual excuses! These things take precedence over freedom! Not.
  • Check out the Cypherpunks archives on the net.
    GSM doesn't use ECC - it uses a couple of algorithms called A5, A8, etc. which look something like a fast fourier transform. Ian Goldberg, a Berkeley grad student, cracked them over lunch one day (he's not Israeli, just Canadian.) The authentication is a bit stronger than the message encryption. One of the entertaining results of the crack was the discovery that, while the keys are too short to start with, most of them have 10 bits set to 0, so they're even easier to crack, which is a strong argument that there was government pressure on the development process.
  • Real Algorithms can be executed in software just as well as hardware, though some things are more efficient on specially-tuned hardware than on general-purpose computers. DES, for instance, uses a lot of ugly bit-twiddling which is annoying to do on typical hardware, so it gains a lot by running on special gate-array designs, but you can still keep a 10Mbps Ethernet or a T1 line pretty full on cheap Pentiums. Voice, on the other hand, only requires about 6-10 kbps for most cell-phone voice compression algorithms, so the load from using DES is much less than the computation used in the voice compression itself. Some of the public-key algorithms can benefit from special hardware designed to do bignum multiplies, which can benefit from a lot of pipelining and parallel computation, so there's some market for accelerator boards to do that for web servers.

    But the main reason you'd do crypto in hardware in a cellphone is that callphones tend to do the heavy lifting in ASICs and not have a lot of general-purpose computing horsepower or memory - it's easier to put the crypto into the ASIC than find somewhere else to wedge it.

  • There's plenty of horsepower handy - most of the work is compressing the voice, and once you've done that, encrypting ~6.5kbps or 13kbps is pretty trivial. The trick is to get the cell phone system to complete handset-to-handset calls using the compressed digital voice stream, which would let you pass encrypted compressed voice between the phones instead of unencrypted, and prevent it from converting the compressed voice to conventional uncompressed voice and back, which would obviously trash the encrypted data. I think GSM may let you do that - I know some of the digital versions don't, and obviously analog also has its limitations. All you'd need would be a sufficiently programmable phone to make it happen. Otherwise, any encryption in the phone happens between the phone handset and the cell site, which is useless for end-to-end because you can't modify the cell site.


    The other obvious approach is to add a cellular modem to the cellphone, as long as it can get at least ~6.5kbps of throughput (one of the tighter compressions used in US digital cellphones) and set up a modem call. This needs a bit more hardware, but modems can be pretty compact, and again you've already done the compression in an ASIC. If you can't get fast enough modem speeds, you either need a tighter but nastier-sounding codec, e.g. 4800 baud or (gak!) 2400 baud or 1200 baud LPC (Speak-And-Spell is a trademark of somebody or other.) Or you can cheat and make a double-sized cellphone that's doing two simultaneous calls - klugey, but if you can afford DM6000 for a phone, you should be able to live with a much cheaper phone that burns minutes twice as fast.


    Another approach is to wait for those 3G phones that the EU governments scammed their phone companies into paying giga-Euros of debt money for in the license auctions. Shouldn't cost any DM6K for one of those.

  • When the guy said it would take a thousand computers over 10 years to decrypt, it's excessively unlikely that he was trying to be scientifically precise in a way that you can calculate the real encryption strength from. He was making up hype numbers for a press release that were intended to give the general public a feel for how hard the problem is. So don't try calculating whether it's really 10**17 keys vs. 10**38. He said "it's really really hard to crack", and his hype numbers happen to be low rather than high.

    I usually give crypto-cracking speeds (for adequately strong algorithms) in terms of planet-sized computers and billions of years, because that's obviously infeasible to crack, and if it's not, you should have made the keys a few bits longer. For RC4, that doesn't even cost you anything :-) Since you know how to calculate using exponentials, keep in mind that given good algorithms, it's trivial to make things that take that long to crack, and are so far out of reach of intelligence agencies that you should be worrying about other threats, like keyboard sniffers planted in your phone or passwords on yellow sticky notes. Single-DES can be brute-forced - John Gilmore proved that with the EFF Deep Crack machine, and the distributed crackers also showed they can do it. But Triple-DES isn't just 3 times as hard - it's 2**56 times as hard (total strength is only 112 bits, not 168, because there's a meet-in-the-middle attack that uses 2**56 pieces of memory, which is currently impractical.) RC4 is adjustable from near-0 to 255 bits of key length, with much less work per key brute-forced, but 128 bits is enough. The new US NIST Advanced Encryption Standard (contest won by Rijndael from Belgium) has modes for 128, 192, and 256 bits, if I remember correctly - even the weakest mode is strong enough for Earth-bound attackers.


    The hard part of the crypto isn't the symmetric algorithm - it's the public-key part. I suppose they *could* have used 128-bit algorithms for that, but Elliptic Curve isn't strong enough at that length, and they'd be expected to know it. If you're not worried about traffic analysis, you could build a Kerberos-like system using 3DES or AES that fits in 128-bit keys.

  • 6000 Deutsche Mark amount to roughly US$ 2600 !

    I'm afraid this will seriously reduce the market for this nifty little toy.

    Thomas Miconi
  • I also never claimed DES has a backdoor, only that this phone has one. (it was merely my own speculation that it might use DES)

    Possibly the guy who said that just didn't know what he was talking about though.

    Back when GSM was being developed, Germany wanted it to include strong crypto, but France + UK overruled and so GSM crypto was crap. Maybe now Germany is getting it's way. It's actually kind of weird that France demanded poor crypto, because it's decrypted at the base stations and reencrypted when it's transmitted back out, so it can obviously be read rigth there. I guess they wanted to be able to tool around town listening to GSM conversations on the fly (people have found how to break some of the GSM algorithms in real time).

  • Tech:....no, when it says reset your password you need to reset your password....

    PHB: Wait, passwords? What if my phone is being monitored? I'd better encrypt this...

    Tech:Wait! Those phones are way too expensive and I don't have one to decrypt yours!

    PHB: [crackle, hiss, crackle, etc]

  • Mea culpa, should have read the article.

    No, you can't choose a key, that "punching" part is just about the button you have to press to get an encrypted connection instead of a normal one.

    It says that a new key is chosen each time out of 10^38 (i.e. 2^128) possible ones; no word on how it defends against eavesdroppers. Sounds like it's actually only negligibly more secure than no encryption at all.

  • At $3000, this one's hardly cheap...
  • No, there was no more specific data; and since it would take much longer to decrypt real 128bit encryption, I suspect that quote was just made up on the spot by some marketroid to impress unknowledgeable people with some large numbers.
  • Actually, if they use decent symmetrical 128-bit key cryptography, it would take all the pentiums in the world a couple of million years, if not more, to decrypt it.

    Of course, the real question is: how are the keys generated and transferred. If it's just a fixed key stored somewhere in the phone, it won't be long before someone manages to get it out and be able to listen in to everything said on those phones quite easily.

  • Using hardware crypto means the distribution of the keys is a whole lot simpler - just do it when the handset is shipped.
    None of this computationally and bandwidth expensive overheads with PKI which no one trusts to the level necessary to protect a phone conversation.
  • I'm a bit of a cellphone nut, and have already done quite a bit of reading on the subject.

    The data streaming between the phones and towers of a GSM network is already encrypted with one of two algorithms, A5/1 and A5/2. A5/1, the "stronger" variant, is in use in virtually every GSM network currently operating.

    Neither algorithm has been broken. However, the private key (Ki) stored in every subscriber's SIM (subscriber identity module) card (unique to each SIM card) has successfully been compromised by researchers for a university, I believe. This was reported in the news a while (18 months?) ago, but it can't be done over the air. As far as I know, you have to interface the SIM card with a PC and ask the SIM card to identify itself, using a slightly different salt each time. By doing this about 150,000 times (which takes about 8 hours), the private key can be computed.

    If this stuff turns your crank, here are a few links to get you started:



    --
  • Um, say I don't believe that this would actually take that many pentiums that amount of time to decode such a conversation. Where do I sign up to enlist my Pentiums' service, prove them wrong, and sue for false advertising?
  • I thought of essentially this idea a while ago, but there is a significant problem: power. GSM and similar mobile networks are designed to minimize transmission from the phone to the base station. The only communication between phone and cell when not in a call or receiving a message is to log onto the network and to send a location update every 2 hours (the time period is variable and set by the network). Other than those times, the phone never sends anything.

    Why? It is takes a lot more power to send a signal than listen for one. Most new mobile phones nowadays can sit idle on the network for 5 days, but only stay on a call for 2 hours. While the power difference isn't spent entirely on transmitting (you also have to sample the audio, compress the data, time your transmissions on the network, and so on), a significant part of it is. Mobile networks are specifically designed to minimize the requirement for the phone to transmit, but instead very infrequently announcing "yeah, I'm still alive" to the nearby base stations. Given the amount of data you need to retransmit on a P2P network (and with redundancy to multiple peers to keep the data flowing if one node goes down or moves out of range unexpectedly), phones on a P2P mobile phone network would spend nearly their entire battery life resending other people's data streams. And then you have the problem of requiring gateways (centralised points, thus somewhat defeating the point of a distributed network) to communicate with devices outside the P2P network, or in another P2P cluster (on another continent, for instance), and how you pay for access to those gateways. And how you geographically locate the most appropriate peers to resend data to (GPS on every phone with location broadcast to peers?), and how it scales under load, and so on...

    It's a cool idea in theory, but unfortunately it wouldn't be feasible in practice (I'm all for building public-owned networks, but I'm not prepared to have only a few hours battery life on my phone to facilitate this). Which is a shame, as it'd be cool to not have to pay mobile phone rates to talk to someone a few blocks away, and not have to rely on telcos with insufficient infrastructure.

  • One of the technicians is quoted as saying that "A thousand pentium computers would need over 10 years to decrypt a 10 minute phone-call".

    pentium computers in this case means what? 75mhz? 1.5ghz? by saying pentium they really aren't saying much.

    And here is the Moors Law break down:

    In 15 years one computer will be equal to 1000 computers now. So just-around-the-corner the above will quote will look something like this:

    One of the technicians is quoted as saying that "A quantum computer would need over 1 second to decrypt a 10 minute phone-call".

  • I don't parse mangled German well, so I may be totally off base, but...

    I suspect the "10 year" figure is the estimate for going through all possible keys. This brute force method is an old standby for code-cracking because it works for almost everything, but many encryption algorithms allow more efficient attacks.

    128 bits is a pretty large key to attack with brute force, but depending on algorithm they used (and the attacks it is vulnerable to) it may not be enough to stop serious efforts.


    My mom is not a Karma whore!

  • But will it ever come to the U.S.?

    Sure, you're just not allowed to make international calls *grin*.

  • The Babelfish-English is a little strange indeed. This sentence could be translated into it would take a thousand pentium computers over 10 years to decode a 10-minutes phonecall BTW, but I guess you already got that :)

    I don't think the engineer who was cited, made any calculations. My bet is that he simply said this to emphasize the fact that it would take a lot of brute force to eavesdrop on such a call. After all, most people who will buy these things at this price, are the ones with money and without any real knowledge. And those people aren't interested in MIPS or algorithms, they just want to hear that it's (almost) impossible to crack.

  • I suspect the same coutries that have problems with people using PGP/GPG, such as France and Iraq. I don't mind about Iraq, but France is damn close to where I live :)

    And of course, in the free West, being America, this will be verboten too (isn't it ironic that this word comes from the country that doesn't prohibit this?).

  • But will it ever come to the U.S.?
  • the mobiles then use a 128 bit key

    I see your Schwar[t]z is as big as mine!
  • GSM only encrypts the air-link. This phone encrypts end-to-end.
  • Couple of questions, they GSM, CDMA? Can your use them in other countries? I find that the biggest problem with a mobile for security is that your exactly location can be triangulated. I personally use a modified Siemens S35 that allows me to connect to X number of towers which i can use to defeat that but DAMN this would KICK ASS. Particular in the wake of all the echelon articles....
  • P2P cell phones?

    Yeah, probably can work. The downsides are that as people move around you can lose connectivity for moments or minutes (although cell phones have this problem anyway to some extent, but this would be worse). To counteract that it would probably be necessary to keep several connections up simultaneously; in the hopes that there is atleast one route to the far end. That will mean that the phone will take a lot more current and will either be heavier or will flatten its batteries much more quickly.

    The other difficulty is routing in a highly dynamic link map- everyone is moving around all the time; links will be going up and down like mad things...

  • The question really is this" how far ahead is Big Brother? If you read the history of the NSA (in a book like The Puzzle Palace) you will find out it is believed they are many years ahead of industry in these matters. (as if most people don't think that already.)

    If I needed secure comms, I would get the best gear I could but ultimately I would be hoping that I was below Big Brother's radar. I'm not willing to bet my life on any of this crypto stuff. It takes more than gadgets... it takes good fieldcraft to communicate securely.

    Not that I'm doing anything that needs crypto, but I suspect that will change when my local Illuminati cell finally recruits me. What are they waiting for??
  • "A thousand pentium computers would need over 10 years to decrypt a 10 minute phone-call".

    Umm... I don't know about you people, but that seems really pathetic to me. Hell, Google has 4000 such machines, and they aren't even in the crypto business. And we all know that the only thing that has kept Cray in business in the last few years was the NSA. So, put two and two together. If you are important enough for the NSA to care about hearing your calls, all they need to do is to spend a little computer time on cracking it. This is assuming that there are no "shortcuts" in the protocol, weakness that can be exploited in less time than it would take to brute force it.

    To give you a comparison to what REAL encryption, like PGP, would be able to withstand, my PGP e-mails would probably take more time to brute force using all today's computing power than the time that the universe has existed.

    --

  • Handy encodes discussions on push of a button

    Germany first Krypto Handy goes now into series production. Outwardly the encoding Handy resembles Siemens a S3ï, but the TopSec GSM device mentioned brings the measuring technique specialist Rohde and black on the market. Originally the development was advanced by the Siemens area information and Communication mobile, until Rohde and black at the beginning of of May took over the business segment hardware encoding of Siemens.

    Because conventional portable radio connections did not guarantee a complete privacy, Siemens researchers already developed a procedure, which makes a secured connection with genuine end to the end encoding in the Handy on push of a button one year ago. The Clou: The TopSec GSM " simulates " a speech transmission; the Handy for encoded discussions actually opens a GSM usual data channel however instead of the voice channel. This permits it to transfer encoded contents unchanged and transparency between two compatible receiving stations.

    For the setting up of a normal unencrypted connection one selects like used the call number of its interlocutor. If the telephone call is to be encoded however, then one presses an accordingly programmed soft key before the push button. The device switches then into the data mode; an additionally inserted, only stamp-large module codes and scrambles the exchanged data so thoroughly that even secret services cannot monitor, so the manufacturer. The safe connection can be however only structured, even if the interlocutor is attached a suitable Handy had or its ISDN telephone to a suitable encoding module.

    The devices of the communication partners exchange a new 128-Bit-Schluessel with each connection establishment. Each mark is selected another of 10 38 codes the available by coincidence procedures. " thousand Pentium computers would have to count over ten years, around the wording of a zehnminuetigen Telefonates to decode ", schwaermt a technician of the new procedure.

    Theoretically everyone may acquire the Handy, but the cost price of approximately 6000 Marks might limit the set of the buyers drastically. In some countries is besides the application of the encoding technique expressly forbidden. First user of the TopSec GSM is the German Minister of the Interior Otto Schily; he got a device from the pilot lot given ( Gerard Ducasse ) / ( dz / c't)

    The slashdot 2 minute between postings limit:
    Pissing off hyper caffeineated /.'ers since Spring 2001.

  • Kevin Mitnik.
    Though, as I recall, that went badly for him.

    The slashdot 2 minute between postings limit:
    Pissing off hyper caffeineated /.'ers since Spring 2001.

  • If I were running the echelon network, I would flag encrypted stuff for immediate decoding. Lord knows they have the cpu cycles to do it. Shit, the pentagon sits on top of a LAKE of liquid Nitrogen.

    In fact, I bet they have all conversations deciphered and "filtered" within one minute of the call is hung up.
    I'd also have competing geeks in charge of seperate decryption centers - probably their decryption times are a point of pride within the "company" - sorta like Geordi LaForge tweaking the warp engines.

    Ok.. I'm not sure about the following part, but it sounds kind of logical.

    Coincidentally, once someone "cracks" the encryption (it is private/public key based) encryption on one mobile phone, it any further encryption rendered "useless" from that phone, or just for data coming into/ out of that phone?

    hmm.. private keys are generated from a "random set of primes", if someone was to um.. "learn of" the code to make "random" numbers (because they are truly not random, but based upon some calculation that gives the appearance of "randomness" [is that a word?]), they could create private keys - or greately reduce the number of guesses in their attack on the encryption.

    after all, if the sim card (whatever, the little id chip in the phones) is linked to the user of the phone through billing records, etc... I'm sure it has a serial number / date / time produced. If one had the random prime generator, they could considerably weaken this whole encryption scheme.

    Of course, it would require the assistance of the Deutche Telecomm (or whoever).

    The slashdot 2 minute between postings limit:
    Pissing off hyper caffeineated /.'ers since Spring 2001.

  • Ok.. I'm not sure about the following part, but it sounds kind of logical. I'm probably full of s**t, but if someone who is knowledgeable about cryptography could explain my errors in logic / whatever, I would greatly appreciate it.

    Firstly, (basic question)
    Once someone "cracks" the encryption (it is private/public key based) encryption on one mobile phone, it any further encryption rendered "broken" from that phone, or just for data coming into/ out of that phone?

    Secondly, (kind of mind trippish)

    From what I understand, private keys are generated from a "random set of primes", or a "super" long, prime, random number.

    If someone was to um.. "learn of" the code to make "random" numbers (because they are truly not random, but based upon some calculation that gives the appearance of "randomness" )
    and reproduce the conditions of the original generation of the private key - they could generate private keys - and greately reduce the number of guesses in their attack on the encryption.

    After all, if the sim card (whatever, the little id chip in the phones) is linked to the user of the phone through billing records, etc... I'm sure it has a unique serial number / date / time / place produced burned into it.
    If one had the code for the random prime generator, they could considerably weaken this whole encryption scheme.

    Of course, such a project would require the assistance of the Deutche Telecomm (and/or whoever made the SIM cards/cell phones).

    The slashdot 2 minute between postings limit:
    Pissing off hyper caffeineated /.'ers since Spring 2001.

  • but what if the private key is generated once - at the factory - which I understand is the case, as it is a fairly intensive process to find long primes - my athlon 850 takes nearly a minute to make me a private key.

    The slashdot 2 minute between postings limit:
    Pissing off hyper caffeineated /.'ers since Spring 2001.

  • I'm pretty sure echelon has this covered, either through straight decoding, a government "key" or whatever.

    Also - you can be sure that encrypted calls will be decrypted by some government - after all -- their mindset is "if you have nothing to hide...". Especially in this situation, where the phones are not encrypted all the time (the user has to activly turn on security).

    If you are attracting so much attention to yourself - I suppose use for this will be more for commercial purposes than planning terrorism.

    hmm.. how much bandwidth does the call use? POTS is made to run with 4000hz of bandwidth, with the maximum data rate of about 56k (something about the maximum number of discrete signals possible within a certain block of bandwidth. Are calls going to sound good when they hit a land line?

    If the cell phones do hit a land line somewhere, I'm sure that the call must "fit" into a "standard" voice grade telephone circuit. which is slightly different in europe, but the bandwidth alloted for each connection is very close (don't have my euro telecomm handbook with me now, sorry)

    On a side note, the US Navy Seal teams use 256bit encryption, burst transmission technology in their headsets. That is some nice stuff - supposedly clear as a bell too. So nanana-boo-boo.

    Hmm.. the canadian rcmp in BC use encrypted radio sometime too, its not phone, but kind of annoying not being able to hear the swat deployments like you used to be able too.

    The slashdot 2 minute between postings limit:
    Pissing off hyper caffeineated /.'ers since Spring 2001.

  • I think what's really giving the NSA, CIA, FBI, Mossad, M5, M6, etc. the shits is the disposable cell phone with X pre-paid minutes bought with $20 dollar bill.

    If you're important (or notorious from the alphabet-agencies point-of-view) enough to need encryption, you're going to be better off with a simple anonymous phone (the same anonymous phone that every mom gives to her child before sending them off to school.)

    OTOH, my understanding is that the disposable phones will be "send only", so the receipiant may still be vulnerable to bugs, etc... I guess will have to wait and see what comes out of the product pipeline over the next couple of years.

  • Oh, please. This is still a toy, because you only have encryption between the phone and the cellular provider. The NSA, if they want, can still try to intercept the signal once it gets to your phone company, or the FBI can get a court order (or not) and silently tap your sad ass, just as easily.

    The NSA will break into cold sweats when there's backdoor-less phone-to-phone encryption with arbitrary and generally large keys using well-known and trusted cryptosystems. I don't think it's going to happen for a while.
  • The German: Tausend Pentium-Computer müssten über zehn Jahre rechnen, um den Wortlaut eines zehnminütigen Telefonates zu entschlüsseln

    The babelfish English: Thousand Pentium computers would have to count over ten years, around the wording of a zehnminuetigen Telefonates to decode


    Exactly what kind of pentium do they mean? A P-90 or a P4 1.7GHz? I think an 'around-the-clock' idiom got lost, but I still could use something more specific. I didn't Babel the entire page, just that selection. If I missed something, please fill me in.
  • Guess this means that all U.S. efforts to block encryption technology from leaving the country has failed. Surprise. Now that they have it in cell phones will U.Sam allow us to freely exchange web browsers?

    That depends on whether they adopted an algorithm first conceived in the U.S. or whether they came up with one of their own. And to answer the question, no they won't. Anything that makes it harder to kep tabs on Americans is generally opposed by the feebs. And, if it's foreign software, the spectre of trojans can always be invoked, regardless of the facts or the availability of the source code. They know most users, even savvy ones, won't do a code review before plopping something on their system with no more guarantee than a 'word-of-mouth' recommendation. Just tell them it can't be trusted and it's verboten.
  • I'm pretty sure echelon has this covered, either through straight decoding, a government "key" or whatever.

    Well, what I've read about Echelon says they're key-word driven. If they automatically flag all encrypted communications, they can break them at their leisure, but then turnaround becomes a problem. Once you break it, you still have to index it. By the time you get that done, there might already be a big hole in the WTC. Useful for prosecution, if not prevention.
    As to a backdoor, who knows? Europeans are very sensitive about this just now (and rightly so,) and they might embrace a non UK/USA(et. al.) solution even if they aren't German. I guess it comes down to the US' ability to compromise the design of whatever chip it is that does the heavy lifting.
  • There are significant technical issues to surrmount wrt latency for quality voice transmission in this model. Also, switching the network would be a fascinating exercise in either telepathy or very very powerfull phone handsets, afaict.

    ~cHris

    --
    Chris Naden
    "Sometimes, home is just where you pour your coffee"
  • "A thousand pentium computers would need over 10 years to decrypt a 10 minute phone-call".

    In other words this encryption in nothing for the hugh computing powers of the likes of echelon!

  • That enigma machine you have to plug into them is kinda bulky...

    --
    All your .sig are belong to us!

  • Oh, please. This is still a toy, because you only have encryption between the phone and the cellular provider. The NSA, if they want, can still try to intercept the signal once it gets to your phone company, or the FBI can get a court order (or not) and silently tap your sad ass, just as easily.

    I assume that you have not read the article (ok it's in German, so no blame on you). It is made quite clear that the encrypted connection is made on a data channel (9.6 kbit/s) between the two phones. The provider does only see the encrypted stream.

    However it must be researched how the key exchange is done. I assume it's some sort of Diffie-Hellmann-Algorithm which might (under certain circumstances) be broken with a Man-In-The-Middle attack. Question is, how do they do the authentication. There's no information about this important feature available now.


    --

  • by karma kameleon ( 222035 ) on Wednesday May 30, 2001 @08:30PM (#187695)
    Smoking Man has a secret briefcase with a button and a knob marked 'Decrypt', which renders this technology and it's kin useless.
  • Well, not being a US citizen, I must say that I am damn glad that this tech did not originate in the US. That gives the rest of the world a chance to get a hold of it one day.

    The US are such bastards when it comes to crypto that any crypto tech that is being developed there is likely to stay there, or only leave in a watered-down version.

    I say hooray that non US companies are developing crypto, and keeping the US governments hands off the tech.


    --
  • I wonder why this couldn't be done in software in every mobile phone ? Every new mobile has a nice and speedy cpu in it, that should be able to encrypt the 2400 bytes of traffic a GSM mobilephone sends and receives on the fly. There are nice encryption algorithms like TEA that should be able to do this even with the limted processing power of a mobilephone. A $2700 mobile with encryption will not be a big problem for the secret services because almost noone will buy one, but a little firmware update that makes your old mobile to an mobile with powerfull and save encryption could be a problem.
    Firmware hackers where are you ?
  • "Zu dem" and "An dem" is usually contracted to "Zum" and "Am"
  • Wow, cool. Yet another step towards _anonymous_ portable communication. Cell phones are already more dificult for police & other agencies to tap, because it requires identifying the numbers the phones use to identify themselves to the cell companies. No problem if your surveillance team does it the legal way and gets a court order that the cell provider must cooperate with.

    In addition to this, here in europe, pay-as-you-go type cell plans are very very popular - you can walk into any radio-shack equivalent store and for the equivalent of $28 ( USD ) you can buy a package over the counter that gives you a number on your choice of the local services. Basically its just a smart-card chip you pop into your phone. No sign-up is required. You don't give your name or any details to anybody about who you are - just hand over the cash and get yourself a number. You have a limited amount of money on the card, and you can 'recharge' it buy buying a card with a code number from any convenience store that you punch into the phone to get more talk-time. Want a new number? Just buy a new smart-chip. There is nothing to prevent you from having a dozen of these.

    These are full-service plans too, complete with voice-mail, and all the cool services. They also have roaming so that if you have a tri-band phone you can use this pretty much anywhere in the world ( price per minute goes up a lot of course ). But clever use of this system could mean totally anonymous world-wide phone service.

    Now if you can combine this with medium-level encryption ( lets face it, 128-bit is not high these days, and a good cryptanalyst can certainly break this much easier than the claim of a thousand pentiums for a thousand years), we're really starting to see good secure private personal communications become and industry standard. I like it.

  • Pentium Computers? 10 years on a "Pentium Computer"?
    What, a Pentium 133Mhz? Im sure that'll be really helpful.
    :-)
  • What we have here is a mobile phone which only encrypts to the communications partner. Not to the person you call, the that can still be tapped.
    And, if you think this will protect you from goverment services, think again. Most large goverments (hint: America) could break that very easily (hint: Super Computer (Cray?)).
    And dont get me started on the price!
  • Hrm... I don't get this, GSM has always included 107bit Elliptical Curve Crypto right from the start.

    In fact, it was the first commercial mainstream product that included crypto, this caused a few political headaches apparently. This was meant to be the reason why it wasn't opened to peer-review, and consequentially cracked in 1998 by an Israeli team. It was secure for 9-10 years, which isn't too bad.

    Elliptical Curve is pretty smart, it requires very little CPU cycles.
  • Indeed specialized hardware takes alot of the fun (fun as in watching paint dry) out of brute-forcing a crypto scheme but there are limits to how effective it can be with longer keys. And of course a 128 bit key doesn't mean much without knowing the encryption algorithm and implementation which may have it's own flaws that make an attack relatively trivial.

    For example, why find an MD5 collision (128 bits) if all you need is to crack 40-bit RC4!
  • On any hardware device, especially one with analog circuits (like a cell phone) there can be plenty of sources of randomness: background static in the microphone, fluctuations of the RF signal. It should be quite easy to seed a random number generator from these sources. Even if the random number generator is known, it is not always possible to even remotely guess at what the next numbers will be without knowing the seed and internal state.

    As for the first question, most likely the key is used for a single session (phone call) and regenerated at each subsequent call. It is also definitely possible that the key may be regenerated during the phone call so every 10 seconds (for example) it may re-handshake with a new key thereby requiring an attacker to again crack the new encryption key.
  • Ok, suppose the way the phone works is that it has a fixed 4096-bit asymmetric key (on a smart card) and it's only used to encrypt the smaller 128-bit symmetric key. So in this case if the private key is compromised then you may be out of luck because an attacker will be able to decrypt the packets that are actually transmitting the symmetric key. However, there are methods (Diffie-Helman) of transfering a key between two parties such that an eavsdropper still cannot figure out the key. These are time consuming as you pointed out.
  • First, I'm dissapointed that this technology didn't originate in the United States. It's a sad thing, proof of the fact that government controls on crypto have inhibited U.S. companies from developing strong, easy crypto solutions.

    'Push of a button'. Gawd, I'd love to see that same button installed by default on M.S. Outlook, or Netscape Mail without a complex PGP install beforehand.

    This said, however, I would like to praise those who continue to break down the walls of encryption FUD that the United States government law enforcement has pushed onto the American peopole, even if they work from outside. The American government strongly opposes encryption of all kinds in the hands of Americans or non-Americans because of the possibility that it will be used by terrorists and criminals. This *proves* to both USians and the rest of the world that this is not the case. There is a valid market for crypto.

    Like an overprotective mother hen, the FBI, DOJ, and NSA have been working to keep americans safe inside of a non-crypto egg. We can't break out, as long as they have so many claws in both the legal process and communications industries. Usually eggs are good at keeping outside influcences out, but I strongly beleive that efforts like this from Germany (and the rest of the world) will be the beginning of a crypto hailstorm the likes of which will at once confound and terrify the ill-prepared USLE agencies and liberate Americans from the oppression created by a simple lack of privacy.

    Now let's support these guys and let them know how much we want these phones in the U.S.. At about $2.6k, they'll cost as much as a top of the line workstation, but as the userbase grows, you can bet the price will shrink.



  • Is it just me, or did this headline make anyone else think of some kind of gadget-festooned vehicle for a teutonic superhero?
    Ach! Blackhats are attacking the servers in Central City!

    Schnell! to the Crypto Mobile!


  • This is the tech that gave the NSA cold sweats. AT&T was going to make a cheep encrypted phone like this, it freaked out the general intelligence groups. They tried to make encryption unlawful, but it didn't work (as we all know). I would mind getting one of these just to spark hits on the computer they must have setup to find these types of calls when they are placed....

    Shameless Plug for my website:
    Wireless Lan Systems!
    Network over a 25 mile radius!
    MicroCellular Systems!
    www.techsplanet.com/wlan [techsplanet.com]

    Hey, at least I didn't use the BLINK tag!
  • sorry, I sell wLAN systems with average tickets over 5k all day, I start thinking 3k as cheep...


    :)
  • An encrypted cell phone is all good and well but it will be hard to know the true value of the phone until the algorithm has been throughly examined. Personally I would much rather have a phone based on a widely known and exceptedly secure encryption system such as pgp. Also, if such a system were implemented, cross product support would be possible, as well as connection to other devices such as computers. Think: pgp ncryptd txt msgs dl-able 2 u r comp
  • You know, something just lik this occurred to me about a month ago when there was the announcement about the java-enabled cell phones. Anyone have any idea if something like that would be possible?
  • Guess this means that all U.S. efforts to block encryption technology from leaving the country has failed. Surprise. Now that they have it in cell phones will U.Sam allow us to freely exchange web browsers?
  • I'm seeing all this talk about how a specially designed computer can smash DES or how governments can break it, etc. That's not the point. The point is to keep the cell phone equivalant of packet kiddies (the ones in the dorms that love to snoop your passowrds) from listening in on your call. An ecnryption method like this is hard enough they are highly unlikely to have the resources necessary to break it.

    This might sound silly to some, but things like this are a real problem. At least once every couple of years someone at U of A gets busted for using a scanner to evesdrop in on cordless phone calls. Now of course this is easily defeated by using a spread spectrum phone (DSS), however I'm sure that won't last. Sooner or later, we'll start to see scanners around that can listen in on those too (or for that matter they may be floating around and I just haven't heard about them). Same thing applies to cellphones. The technology will come out to listen in on them too. Well this adds another layer of significant difficulty. You really have to have a good reason to spend the time, effort and resources to crack an encrypted call like that.

    As of right now, I don't think there is a need for these en masse, and the price certianly reflects that. However, I'm sure in the comming years there will be.

  • And in this case, it's far more than that. The problem with the kind of scrambling now is that it's REALLY EASY (in a computational sense) to break. Granted, you still need a spiffy scanner/decryptor, but that's all. Now if you add some DES encryption, well that's going to push it up into the top .01% or so. In addition to everything else, now the packet kiddie will have to get some serious CPU power, which they aren't likely to have (otherwise, they wouldn't be a packet kiddie) and can't afford.

    It's kinda like SSHing instead of telnet. I don't do it to keep the government, etc from looking in. If they want to see what I'm doing they can just get a warrant to search my computer. I do it to keep all the l33t hax0rs from looking in on my datastream. Of course I use a good, strong, encryption scheme (blowfish usually) since it's available, but I'd settle for plan ole' DES is I had to. That would mean that the only people capable of looking in on my stream wouldn't be able to.

    Also another important factor of getting this going is working out all the general kinks. Perhaps later as small processors get cheaper and faster and as crypto laws loosen up we'll see better encryption implemented in phones. You have to start somewhere.

  • DM6000 is what, $2500? I wouldn't be surprised if the primary purpose of this phone isn't simply to flush out people who have what some people might consider, rightly or wrongly, a "suspicious concern for privacy". It will definitely flush out people who have too much money and aren't very smart.

    Hardware encryption itself is also both flawed and unnecessary. With hardware, you can't tell what bugs or backdoors may be in there, and if you discover anything, you can't fix it.

    There are options that are cheaper, more secure, and more standard around. Current laptops can do real time speech compression and encryption just fine, with software that uses known strong algorithms and is demonstrably without backdoors. You can plug in any of the wireless PCMCIA cards in there and have secure phone conversations over the Internet, not just another ccompatible ell phone user. If you need something smaller, a WinCE or LinuxCE handheld with a cellular phone/modem CF card will probably be a realistic option pretty soon.

"Everything should be made as simple as possible, but not simpler." -- Albert Einstein

Working...