If and when this is accomplished the source could then be used, if it can't already, for PC-PC secure communications. A practical replacement for SpeakFreely may be at hand. The limitation of either direct phone or ISDN connection requirement is a problem though.

While the phone hardware is EU3500/pair, the Windows software is free - we'll see if they've set it up in a way that PC-to-PC connections work. I'm also interested in the question of whether they've learned some of the technical lessons that the SpeakFreely project learned (e.g. NAT, delay accumulation from TCP, tuning for Windows perfomance.) While this phone isn't Free Software in the RMSically-correct sense or even the BSD "leave our name on it and don't sue us" sense, it's at least openly published for inspection, though unless the programming environment that it supports is very resticted, the "compile the code and compare the binaries" approach is pretty lame, since optimizing compilers tend to make it difficult. Skype is a non-starter from a security perspective - too many proprietary parts, apparently including codecs, closed source, documentation written by people who don't understand cryptographic security beyond the buzzword level on a team that's small enough that you'd expect that that implies the coders don't either. On the other hand, if it gets more than 15 minutes of fame worth of use, it may be an interesting experiment in user interface and architecture, which somebody else could use with better crypto and policies. Bill

On Wed, Nov 19, 2003 at 12:59:36PM -0800, Steve Schear wrote:

At 01:39 PM 11/19/2003 -0500, Jack Lloyd wrote:

...

...

...

"We allow everyone to check the security for themselves, because we're the only ones who publish the source code," said Rop Gonggrijp

"We are currently performing a internal round of reviews with a expert group of security researchers and cryptographers. Depending on the results of this review and the time it takes us to implement the relevant recommendations, our current plan is to have the Source available for Download: 23.11.2003" (http://www.cryptophone.de/html/downloads_en.html)

We'll see.

If and when this is accomplished the source could then be used, if it can't already, for PC-PC secure communications. A practical replacement for SpeakFreely may be at hand. The limitation of either direct phone or ISDN connection requirement is a problem though.

From what I've gathered from the diagrams in [1], it seems to be using AES-256 in counter-mode XORed together with Twofish counter-mode output, Twofish also being keyed with a 256 bit value. I sense paranoia here - but being paranoid myself sometimes I very much welcome this decision! Those two keys are derived by means of SHA-256 from the DH key exchange for which a 4096 bit modulus. Neat.

The only thing I can't see clearly in the diagram is the authentication of the DH exchange. Maybe this is the third SHA-256 hash which goes back to "User" ? Hmm.. Does this mean the users have to read of SHA-256 hash values to each other after the connection has been established? Oh. Right. It says "Readout hash based key authentication" on the left hand side of the spec. Dunno whether I like that. There should be a means to cache credentials after an initial trust relationship between communicating parties has been established. But from what I understand, this type of scheme is exactly what the implementors wanted to avoid. Cheers, Ralf [1] GSMK CryptoPhone 100 technical specifications http://www.cryptophone.de/downloads/gsmk100.pdf -- Ralf-P. Weinmann <weinmann@cdc.informatik.tu-darmstadt.de> PGP fingerprint: 1024D/EF114FC02F150EB9D4F275B6159CEBEAEFCD9B06