At 01:39 PM 11/19/2003 -0500, Jack Lloyd wrote:
> "We allow everyone to check the security for themselves, because we're the only ones who publish the source code," said Rop Gonggrijp
> "We are currently performing an internal round of reviews with an expert group of security researchers and cryptographers. Depending on the results of this review and the time it takes us to implement the relevant recommendations, our current plan is to have the Source available for Download: 23.11.2003" (http://www.cryptophone.de/html/downloads_en.html)
> We'll see.
If and when this is accomplished the source could then be used, if it can't already, for PC-PC secure communications. A practical replacement for SpeakFreely may be at hand. The limitation of either direct phone or ISDN connection requirement is a problem though.
steve
Steve Schear wrote:
> If and when this is accomplished the source could then be used, if it can't already, for PC-PC secure communications. A practical replacement for SpeakFreely may be at hand. The limitation of either direct phone or ISDN connection requirement is a problem though.
*nods* it is over a POTS or ISDN (ie, normal phone) conversation, not over IP. have to wait and see what the code looks like to see exactly what crypto and how it is keyed as well.
as a related aside - does anyone know of a decent SIPS VoIP implementation? preferably one that uses some sort of PKI?
At 09:57 PM 11/19/2003 +0000, Dave Howe wrote:
> Steve Schear wrote:
>> If and when this is accomplished the source could then be used, if it can't already, for PC-PC secure communications. A practical replacement for SpeakFreely may be at hand. The limitation of either direct phone or ISDN connection requirement is a problem though.
> *nods* it is over a POTS or ISDN (ie, normal phone) conversation, not over IP. have to wait and see what the code looks like to see exactly what crypto and how it is keyed as well.
> as a related aside - does anyone know of a decent SIPS VoIP implementation? preferably one that uses some sort of PKI?
No, but this may be of interest. http://www.technologyreview.com/articles/wo_hellweg111903.asp
It's closed source but claims to use AES.
steve
Steve Schear wrote:
> No, but this may be of interest. http://www.technologyreview.com/articles/wo_hellweg111903.asp
> It's closed source but claims to use AES.
*nods* closed source, proprietary protocol, as opposed to SIP which is an RFC standard (and interestingly, is supported natively by WinXP)
Might not be snakeoil, but I am giving it a wide berth anyhow.
On Wednesday 19 November 2003 05:33 pm, Dave Howe wrote:
> Steve Schear wrote:
>> No, but this may be of interest. http://www.technologyreview.com/articles/wo_hellweg111903.asp
>> It's closed source but claims to use AES.
> *nods* closed source, proprietary protocol, as opposed to SIP which is an RFC standard (and interestingly, is supported natively by WinXP) Might not be snakeoil, but I am giving it a wide berth anyhow.
SIP is just the part of the VoIP protocols that handles signaling (off-hook, dialing digits, ringing the phone, etc.). The voice data is handled by Real-Time Streaming Protocol (RTSP), one stream for each direction.
-- Neil Johnson http://www.njohnsn.com PGP key available on request.
Neil Johnson wrote:
> On Wednesday 19 November 2003 05:33 pm, Dave Howe wrote:
> SIP is just the part of the VoIP protocols that handles signaling (off-hook, dialing digits, ringing the phone, etc.). The voice data is handled by Real-Time Streaming Protocol (RTSP), one stream for each direction.
*nods* and it is normally UDP, which is good for latency and lousy for NAT traversal. Partysip supports rtsp over tcp I believe - as a proxy, which adds yet another layer of latency *sigh*
> If and when this is accomplished the source could then be used, if it can't already, for PC-PC secure communications. A practical replacement for SpeakFreely may be at hand. The limitation of either direct phone or ISDN connection requirement is a problem though.
While the phone hardware is EU3500/pair, the Windows software is free - we'll see if they've set it up in a way that PC-to-PC connections work. I'm also interested in the question of whether they've learned some of the technical lessons that the SpeakFreely project learned (e.g. NAT, delay accumulation from TCP, tuning for Windows performance.)
While this phone isn't Free Software in the RMSically-correct sense or even the BSD "leave our name on it and don't sue us" sense, it's at least openly published for inspection, though unless the programming environment that it supports is very restricted, the "compile the code and compare the binaries" approach is pretty lame, since optimizing compilers tend to make it difficult.
Skype is a non-starter from a security perspective - too many proprietary parts, apparently including codecs, closed source, documentation written by people who don't understand cryptographic security beyond the buzzword level on a team that's small enough that you'd expect that that implies the coders don't either. On the other hand, if it gets more than 15 minutes of fame worth of use, it may be an interesting experiment in user interface and architecture, which somebody else could use with better crypto and policies.
Bill
On Wed, Nov 19, 2003 at 12:59:36PM -0800, Steve Schear wrote:
> If and when this is accomplished the source could then be used, if it can't already, for PC-PC secure communications. A practical replacement for SpeakFreely may be at hand. The limitation of either direct phone or ISDN
FYI I did a Q&A with the Skype folks when I was in Stockholm last month that mostly focuses on privacy; it should be up on News.com within the week.
--Declan
On Wed, Nov 19, 2003 at 12:59:36PM -0800, Steve Schear wrote:
> At 01:39 PM 11/19/2003 -0500, Jack Lloyd wrote:
>> "We allow everyone to check the security for themselves, because we're the only ones who publish the source code," said Rop Gonggrijp
>> "We are currently performing an internal round of reviews with an expert group of security researchers and cryptographers. Depending on the results of this review and the time it takes us to implement the relevant recommendations, our current plan is to have the Source available for Download: 23.11.2003" (http://www.cryptophone.de/html/downloads_en.html)
>> We'll see.
> If and when this is accomplished the source could then be used, if it can't already, for PC-PC secure communications. A practical replacement for SpeakFreely may be at hand. The limitation of either direct phone or ISDN connection requirement is a problem though.
From what I've gathered from the diagrams in [1], it seems to be using AES-256 in counter-mode XORed together with Twofish counter-mode output, Twofish also being keyed with a 256 bit value. I sense paranoia here - but being paranoid myself sometimes I very much welcome this decision! Those two keys are derived by means of SHA-256 from the DH key exchange for which a 4096 bit modulus. Neat.
The only thing I can't see clearly in the diagram is the authentication of the DH exchange. Maybe this is the third SHA-256 hash which goes back to "User" ? Hmm.. Does this mean the users have to read off SHA-256 hash values to each other after the connection has been established? Oh. Right. It says "Readout hash based key authentication" on the left hand side of the spec. Dunno whether I like that. There should be a means to cache credentials after an initial trust relationship between communicating parties has been established. But from what I understand, this type of scheme is exactly what the implementors wanted to avoid.
Cheers, Ralf
[1] GSMK CryptoPhone 100 technical specifications http://www.cryptophone.de/downloads/gsmk100.pdf
-- Ralf-P. Weinmann <weinmann@cdc.informatik.tu-darmstadt.de> PGP fingerprint: 1024D/EF114FC02F150EB9D4F275B6159CEBEAEFCD9B06
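The key derivation and readout-hash check discussed in the message above, as an added example that is not part of the thread and not GSMK's code. It assumes a small demo group in place of the 4096-bit modulus and made-up derivation labels, and it leaves out the AES and Twofish counter-mode streams themselves; it shows why an unauthenticated DH exchange needs the spoken hash comparison.

```python
import hashlib
import secrets

# Demo group only (assumption): a 521-bit Mersenne prime stands in for the
# 4096-bit modulus so the example stays short. Not a production DH group.
P = 2**521 - 1
G = 3

def keypair():
    """Return (private, public) for one side of the exchange."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared_secret(priv, peer_pub):
    """Compute the DH secret, rejecting degenerate peer values."""
    if not 1 < peer_pub < P - 1:
        raise ValueError("degenerate DH public value")
    return pow(peer_pub, priv, P).to_bytes((P.bit_length() + 7) // 8, "big")

def derive(secret):
    """Return (aes_key, twofish_key, readout) from one DH secret.
    The labels are assumed domain separation, not taken from the spec."""
    def h(label):
        return hashlib.sha256(label + secret).digest()
    return h(b"aes-256"), h(b"twofish-256"), h(b"readout").hex()[:8].upper()

def honest_call():
    """Both ends see each other's real public value."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    return derive(shared_secret(a_priv, b_pub)), derive(shared_secret(b_priv, a_pub))

def relayed_call():
    """A relay in the path replaces both public values with its own."""
    a_priv, _ = keypair()
    b_priv, _ = keypair()
    _, m_pub = keypair()
    return derive(shared_secret(a_priv, m_pub)), derive(shared_secret(b_priv, m_pub))

if __name__ == "__main__":
    for name, call in (("honest", honest_call), ("relayed", relayed_call)):
        alice, bob = call()
        print(f"{name}: Alice reads {alice[2]}, Bob reads {bob[2]},",
              "match" if alice[2] == bob[2] else "MISMATCH, hang up")
```

Because the readout is recomputed from fresh DH values on every call, nothing carries over between calls, which is the credential-caching trade-off the message raises.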
participants (6)
- Bill Stewart
- Dave Howe
- Declan McCullagh
- Neil Johnson
- Ralf-P. Weinmann
- Steve Schear