The New Mykotronix phones...
Okay, let's suppose that the NSA/NIST/Mykotronix Registered Key system becomes standard and I'm able to buy such a system from my local radio shack. Every phone comes with a built in chip and the government has the key to every phone call. I go and buy a phone and dutifully register the key. What's to prevent me from swapping phones with a friend or buying a used phone at a garage sale? Whooa. The secret registered keys just became unsynchronized. When the government comes to listen in, they only receive gobbledly-gook because the secret key registered under my name isn't the right one. That leads me to conjecture that: 1) The system isn't that secure. There are just two master keys that work for all the phones in the country. The part about registering your keys is just bogus. or 2) The system is vulnerable to simple phone swapping attacks like this. Criminals will quickly figure this out and go to town. In either case, I think we need to look at this a bit deeper. -Peter Wayner
Peter Wayner says:
What's to prevent me from swapping phones with a friend or buying a used phone at a garage sale? Whooa. The secret registered keys just became unsynchronized. When the government comes to listen in, they only receive gobbledly-gook because the secret key registered under my name isn't the right one.
Perhaps you can deduce which chip is doing the encryption by identification data transmitted by the chip down the line -- they might identify themselves, making it impossible for you to avoid having them figure out which pair of keys registered with the Ministry of Truth and the Ministry of Love are to be used to listen in on your conversation. After all, they keys are registered by the manufacturer... Perry PS We all remember the Ministry of Love and the Ministry of Truth, don't we? This proposal was, of course, created by a group spun off from the Ministry of Peace, a.k.a. No Such Agency.
Date: Fri, 16 Apr 1993 14:54 CDT From: Peter Wayner <pcw@access.digex.com> Okay, let's suppose that the NSA/NIST/Mykotronix Registered Key system becomes standard and I'm able to buy such a system from my local radio shack. Every phone comes with a built in chip and the government has the key to every phone call. I go and buy a phone and dutifully register the key. What's to prevent me from swapping phones with a friend or buying a used phone at a garage sale? Whooa. The secret registered keys just became unsynchronized. When the government comes to listen in, they only receive gobbledly-gook because the secret key registered under my name isn't the right one. Knowing nothing except what I've read on the net today, I suppose that while scrambling the phone conversation the chip inserts in the data stream some ID (perhaps once per second) to tell the govt. which chip is doing the scrambling. This would allow multiple trapdoor keys (as claimed) and also there would be no need for phone users to register. The chip might also insert the number of the phone originating and/or receiving the call, though presumably the wiretappers would already know this. -- Peter Meyer
participants (3)
-
Perry E. Metzger
-
Peter Meyer
-
Peter Wayner