Bill Frantz <frantz@netcom.com> writes:
> At 4:39 AM -0800 1/16/97, Adam Back wrote:
> > - PIN for phone's RSA signature keys
>
> It is not clear you need signatures in the secure phone case. Eric Blossom's 3DES uses straight DH for key exchange with verbal verification that both ends are using the same key.

How does Eric's box display the negotiated key to the user? (I don't recall the pair I saw having displays).

> As long as the man in the middle can't imitate a familiar voice, this procedure is reasonably secure.

This is the approach taken by PGPfone also. If the value of the conversations was high (>$100,000?) passable voice imitation wouldn't be that hard I suspect. Also I thought it would be kind of cute if there were some way for phones to exchange their signature keys `face to face' as well.

> I agree that signatures of some kind are needed to identify the phone to the cell company to prevent an all too familiar technique of stealing phone service. But this protection would not be a 3rd party cell phone upgrade.
It's about time something was done about that problem.

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
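Added illustration, not part of the thread and not code from Eric Blossom's unit or PGPfone: a sketch of the verbal check discussed above, where each end of an unauthenticated DH exchange derives a short digit string from its negotiated key and the parties read it to each other. The modulus, the SHA-256 derivation, the digit length and all function names are assumptions chosen for the example.

```python
import hashlib
import secrets

# Toy parameters (assumption): 2**255 - 19 is prime, but it is not a vetted
# DH group; a real device would use a standardized, much larger group.
P = 2**255 - 19
G = 2

def keypair():
    x = secrets.randbelow(P - 3) + 2          # private exponent in [2, P-2]
    return x, pow(G, x, P)

def shared_key(priv, peer_pub):
    # Reject degenerate public values that would force a predictable key.
    if not 1 < peer_pub < P - 1:
        raise ValueError("degenerate public value")
    return pow(peer_pub, priv, P).to_bytes(32, "big")

def check_string(key, digits=6):
    """Digits each party reads aloud; derived only from the negotiated key."""
    h = hashlib.sha256(b"voice-check" + key).digest()
    return f"{int.from_bytes(h[:8], 'big') % 10**digits:0{digits}d}"

def call(intercepted, digits=6):
    """Return the strings shown on the caller's and the callee's unit."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    if intercepted:
        # A relay in the middle has replaced each side's public value with
        # its own, so the two units end up holding different keys.
        _, m_pub = keypair()
        a_key = shared_key(a_priv, m_pub)
        b_key = shared_key(b_priv, m_pub)
    else:
        a_key = shared_key(a_priv, b_pub)
        b_key = shared_key(b_priv, a_pub)
    return check_string(a_key, digits), check_string(b_key, digits)

if __name__ == "__main__":
    print("direct call:     ", call(False))   # strings match
    print("intercepted call:", call(True))    # strings differ
```

The check only binds the key to whoever speaks the digits, which is why the thread's concern about voice imitation matters: the comparison is as strong as the listener's ability to recognise the speaker.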