<DISCLAIMER> I work since 2006 as a CTO for a company competitor of Cellcrypt </DISCLAIMER> It's a proprietary encryption technology, not subject to auditing to anyone other than government customers. It follow a "legacy" technological approach to cryptography by leveraging secrecy, that's something in the culture of military encryption technologies. There are existing IETF standard protocols to satisfy almost any VoIP encryption needs and a wide range of software (opensource/commercial, desktop/mobile) that let you do encrypted phone calls on different security model (end-to-end vs. end-to-site). You can read an overview of most voice encryption related security protocols (proprietary and non-proprietary) with a bit of history on http://www.slideshare.net/fpietrosanti/voice-securityprotocol-review I consider Snake-Oil [1] any approach that doesn't use: - open standards - open code (at least for encryption) As my personal effort for transparency i managed the release of implementation of cryptographic modules on http://zrtp.org . Additionally you should pay attention to protect the SIGNALING, as the phone-call-logs analysis could provide a worst impact on user privacy than the content of a conversation. Almost any interception goes before with an analysis of the phone-call-logs (CDR) in order to detect targets in a communication social network. SIP/TLS (SIP over TLS) provide that kind of protection. If you use a DHE capable SIP client, you can achieve also Perfect Forward Secrecy protection for signaling (as long as you don't keep log on server). -naif [1] http://infosecurity.ch/20100719/snake-oil-security-claims-on-crypto-security... On 2/8/12 5:10 PM, Cyrus Farivar wrote:
Anyone done or seen any audits on Cellcrypt?
http://www.cellcrypt.com/cellcrypt-mobile
Best,
-C
_______________________________________________ liberationtech mailing list liberationtech@lists.stanford.edu Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?" You will need the user name and password you receive from the list moderator in monthly reminders. Should you need immediate assistance, please contact the list moderator. Please don't forget to follow us on http://twitter.com/#!/Liberationtech ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE