17 Dec
2003
17 Dec
'03
11:17 p.m.
h There are two different problems with eavesdropping cellular calls: - trying to find a *specific* person's calls - trying to find any interesting call. The former is still hard, but if unencrypted cellular credit-auth boxes become widespread, all you'll have to do is set your scanner to listen for 1200-baud tones and match for patterns that look like credit-card requests, since you don't really mind *who* you rip off. This is not good. One way around it is to use public-key crypto; however, simple symmetric-key crypto with different keys per vendor should be adequate, and the paper-trail for setting up credit-card service gives you a key distribution mechanism.