Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Encryption Security

Encrypt Phone Calls For Under $100 25

An anonymous reader wrote in to say "Seen on the IP list: a California company plans to offer a box that will securely encrypt your phone conversations, for less than $100 apiece. The company was founded by Cypherpunks who were upset about Clipper and wanted to create a good alternative. Looks like they're almost done. "
This discussion has been archived. No new comments can be posted.

Encrypt Phone Calls For Under $100

Comments Filter:
  • Gerald Bull. In this case, the cypherpunks aren't going up against the Mossad (Israeli security agency), and killing any of them is probably going to backfire rather badly.

    The only threat to "national security" is that the administration won't be able to use wiretapping to get the jump on their political opposition any more. Thank goodness, we may finally exorcise the ghost of the Nixon administration.

  • This is a great step forward. I'm very happy that someone will be bringing a product like this to market. It such a shame that it will bwe regulated to death real soon. Oh well.

    --Eric Gradman
    PGP key available.

    (first?)
  • They sould make an encryption-decryption box, not a phone set.
    That way you could run all your data securely, and it'd be much
    faster than software encryption.
  • I don't get it, what is your point?

    LINUX stands for: Linux Inux Nux Ux X
  • A voice encryption device needs a vocoder (voice coder/decoder). A vocoder converts analog voice to digital 1s and 0s. Most/many vocoders use a model of the human vocal tract to encode speech. Instead of transmitting a digitized waveform, the vocoder transmits the parameters of the vocal tract model. This approach results in much lower bit rates than general purpose waveform digitization. GSM and CDMA portable phones use vocoders.

    Phil Karn, KA9Q, has a web page [qualcomm.com] where you can listen to samples of various voice encoding techniques.

    For digital data, you skip the vocoder and pipe the data into the ECC (error correction code) encoder and modem.

  • Technology is going to outrace the politicians whether they like it or not. Engineers will always be smarter than the BigBrother loving politicians such as Janet Reno, and her henchmen in the NSA and FBI.

    BTW, the NSA, being recalcitrant in its dealings with congress may find itself extremely short of funds soon if they don't cooperate on the investigation of Echelon and other boondoggles.
  • This thing seems alot safer than those voice scramblers everyone(read: no-one) used to use, just build your own and listen to scrambled calls. All the "cracking" it took was tweaking a single trimpot.



    LINUX stands for: Linux Inux Nux Ux X
  • The boys in blue (or black) wouldn't have any problem here, I'm sure they would get there own; or in the case of someone under active investigation; just let the task force break in to see how its set up. The other coward was right, set up a phone, using high order digital encryption; so both data and voice could go thru. What man can encode;NSA can decode.
  • As far as I can tell, PGP phone is dead. There is an old beta on the web, but nothing since then.
  • Just a note... Eric Blossom's (he co-founded Starium) original 3DES voice encryption box displayed some sort of identifying information which, if checked, would prevent a man-in-the-middle attack. It may have been a hash of the key used or somesuch, I don't recall. Hopefully this new device will have some similar feature.
  • by Anonymous Coward
    PGP Phone is free....
  • by Logi ( 2799 ) on Sunday August 15, 1999 @03:56PM (#1745674) Homepage
    just let the task force break in to see how its set up

    Not so. The article says they are using the Diffie-Hellman key-agreement algorithm, which means that there is no permanent key at all -- no private key to steal. Instead, the two units will negotiate a new key each time you make contact with someone, but makes no effort to ensure that you are talking to the right person. You are simply expected to know their voice or to recognize them in some other way.

    They are using 2048-bit Diffie-Hellman which is about as secure as 2048-bit RSA. Diffie-Hellman is based on the discreete-logarithm problem and the best algorithms for solving that, given a large modulus, is pretty much the same algorithm that would be used to factor a large integer. The state of the art in factoring integers still below 512 bits, but is about to reach that mark. What is more, calculating one discreete-log will only give you the session key for a given session and no information about all the previous and subsecuent sessions, so it is even less appealing than trying to break RSA of the same size.

    What the attacker can do is to launch a man-in-the-middle attack, so your box will talk to the TLA-agency's box in a secure manner, that box will be sitting next to another box talking to the person you really wanted to talk to. Then they just cross-wire the audio signal and tape everything. This, however, is a much more difficult attack to launch. You need more support from the phone-company and more hardware to pull it off.

    It is also possible that the article is oversimplifying slightly and that there is some sort of identification going on in the hardware, but that would be much more difficult to use and people would frequently mess it up. The real problem in cryptography is key management. The rest is easy.

  • It may be dead, but it still works. I used to use it to talk to people over the net when I had a need for voice communication (say long distance girlfriend). The point is that software in your current computer will work as well as a hardwired encryption phone. Sure we could all spend hundreds of dollars more to get a dedicated phone, but with that much money we could buy a palm pilot or a Rio or something.
  • Ummm... I'd doubt that the NSA will ever be outsmarted my Engineers... Yeah, Reno, Senate, Congress, whomever may do things that we don't agree with, but don't for a moment think that that correlates to the stupidity of the intellegence community. They're all probably sitting around going "Hmmmmm? I wonder if we can convince them to pass this law? Oh wow! They did! How about this one then???"

    Anyways, if this product is anywhere near "secure" then I don't expect it to make it to market (at least in the US) anytime soon...If it does appear unmodified, that'll mean that there are methods to decipher it.
  • Is there software that can communicate with these secure phones? Because that way, they could expand their user base by distributing it as freeware, and it'd also make it harder for governments to destroy or restrict it. Also, how do we know the sofware or hardware in the device hasn't been tampered with, or been compromised by the company themselves? Remember Crypto AG?
  • Funny! A friend and I were discussing exactly this kind of product just a couple of nights ago. I thought it could be built; he tried to convince me that man-in-the-middle attacks would make it insecure. I was even going to let people read their key checksums over the phone to each-other, and he argued that voice sampling was getting advanced enough that even that could be faked. But don't they have public-key systems that are immune to man-in-the-middle attacks? So there should be no problem there...

    ...not a security person...
  • What about nautilus? Its been around from years.

"What is wanted is not the will to believe, but the will to find out, which is the exact opposite." -- Bertrand Russell, _Sceptical_Essays_, 1928

Working...