From lists@infosecurity.ch Fri Jul 6 02:39:01 2018 From: "Fabio Pietrosanti (naif)" To: cypherpunks-legacy@lists.cpunks.org Subject: Re: [liberationtech] Cellcrypt? Date: Fri, 06 Jul 2018 02:39:01 +0000 Message-ID: <172289094209.3849117.13714810653851187404.generated@mail.pglaf.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============8446070896310015009==" --===============8446070896310015009== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable I work since 2006 as a CTO for a company competitor of Cellcrypt It's a proprietary encryption technology, not subject to auditing to anyone other than government customers. It follow a "legacy" technological approach to cryptography by leveraging secrecy, that's something in the culture of military encryption technologies. There are existing IETF standard protocols to satisfy almost any VoIP encryption needs and a wide range of software (opensource/commercial, desktop/mobile) that let you do encrypted phone calls on different security model (end-to-end vs. end-to-site). You can read an overview of most voice encryption related security protocols (proprietary and non-proprietary) with a bit of history on http://www.slideshare.net/fpietrosanti/voice-securityprotocol-review I consider Snake-Oil [1] any approach that doesn't use: - open standards - open code (at least for encryption) As my personal effort for transparency i managed the release of implementation of cryptographic modules on http://zrtp.org . Additionally you should pay attention to protect the SIGNALING, as the phone-call-logs analysis could provide a worst impact on user privacy than the content of a conversation. Almost any interception goes before with an analysis of the phone-call-logs (CDR) in order to detect targets in a communication social network. SIP/TLS (SIP over TLS) provide that kind of protection. If you use a DHE capable SIP client, you can achieve also Perfect Forward Secrecy protection for signaling (as long as you don't keep log on server). -naif [1] http://infosecurity.ch/20100719/snake-oil-security-claims-on-crypto-security-= product/ On 2/8/12 5:10 PM, Cyrus Farivar wrote: > Anyone done or seen any audits on Cellcrypt? =20 >=20 > http://www.cellcrypt.com/cellcrypt-mobile >=20 > Best, >=20 > -C=20 >=20 _______________________________________________ liberationtech mailing list liberationtech(a)lists.stanford.edu Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click "yes" (once you click abov= e) next to "would you like to receive list mail batched in a daily digest?" You will need the user name and password you receive from the list moderator = in monthly reminders. Should you need immediate assistance, please contact the list moderator. Please don't forget to follow us on http://twitter.com/#!/Liberationtech ----- End forwarded message ----- --=20 Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE --===============8446070896310015009==--