On Wed, Nov 19, 2003 at 12:59:36PM -0800, Steve Schear wrote:
At 01:39 PM 11/19/2003 -0500, Jack Lloyd wrote:
"We allow everyone to check the security for themselves, because we're the only ones who publish the source code," said Rop Gonggrijp
"We are currently performing an internal round of reviews with an expert group of security researchers and cryptographers. Depending on the results of this review and the time it takes us to implement the relevant recommendations, our current plan is to have the Source available for Download: 23.11.2003" (http://www.cryptophone.de/html/downloads_en.html)
We'll see.
If and when this is accomplished the source could then be used, if it can't already, for PC-PC secure communications. A practical replacement for SpeakFreely may be at hand. The limitation of either direct phone or ISDN connection requirement is a problem though.
From what I've gathered from the diagrams in [1], it seems to be using AES-256 in counter mode XORed together with Twofish counter-mode output, Twofish also being keyed with a 256-bit value. I sense paranoia here - but being paranoid myself sometimes I very much welcome this decision! Those two keys are derived by means of SHA-256 from the DH key exchange, for which a 4096-bit modulus is used. Neat.
The only thing I can't see clearly in the diagram is the authentication of the DH exchange. Maybe this is the third SHA-256 hash which goes back to "User"? Hmm.. Does this mean the users have to read off SHA-256 hash values to each other after the connection has been established? Oh. Right. It says "Readout hash based key authentication" on the left hand side of the spec. Dunno whether I like that. There should be a means to cache credentials after an initial trust relationship between communicating parties has been established. But from what I understand, this type of scheme is exactly what the implementors wanted to avoid.

Cheers,
Ralf

[1] GSMK CryptoPhone 100 technical specifications
http://www.cryptophone.de/downloads/gsmk100.pdf

--
Ralf-P. Weinmann <weinmann@cdc.informatik.tu-darmstadt.de>
PGP fingerprint: 1024D/EF114FC02F150EB9D4F275B6159CEBEAEFCD9B06
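The key-derivation and readout step discussed in the thread, sketched as an added example (this is not GSMK's code): a DH secret is hashed with SHA-256 into two 256-bit cipher keys plus a short readout hash that both parties compare by voice, and a run where the two sides hold different secrets shows the readouts failing to match. The toy 127-bit group, the derivation labels and the 8-hex-character readout length are assumptions; the AES/Twofish counter-mode stage is not modelled.

```python
import hashlib
import secrets

# Toy DH group, constructed for this example only. 2**127 - 1 is prime but
# far too small for real use; the spec describes a 4096-bit modulus.
P = 2**127 - 1
G = 2

def dh_keypair():
    """Return (private exponent, public value g^x mod p)."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def dh_shared(priv, peer_pub):
    """Shared secret peer_pub^priv mod p."""
    return pow(peer_pub, priv, P)

def derive_keys(shared):
    """Derive two 256-bit cipher keys and a readout hash from the DH secret
    with SHA-256. The domain-separation labels are an assumption."""
    z = shared.to_bytes((P.bit_length() + 7) // 8, "big")
    aes_key = hashlib.sha256(b"aes-256-ctr" + z).digest()
    twofish_key = hashlib.sha256(b"twofish-ctr" + z).digest()
    readout = hashlib.sha256(b"readout" + z).hexdigest()[:8].upper()
    return aes_key, twofish_key, readout

def handshake(interposed=False):
    """Run the exchange between A and B. With interposed=True, each side
    instead receives a public value from a third party holding its own
    exponent, so A and B no longer share a secret."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    if interposed:
        _, pub_seen_by_a = dh_keypair()
        _, pub_seen_by_b = dh_keypair()
    else:
        pub_seen_by_a, pub_seen_by_b = b_pub, a_pub
    a_keys = derive_keys(dh_shared(a_priv, pub_seen_by_a))
    b_keys = derive_keys(dh_shared(b_priv, pub_seen_by_b))
    return a_keys, b_keys

def readouts_match(a_keys, b_keys):
    """The check the users perform by reading the hash to each other."""
    return a_keys[2] == b_keys[2]
```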