Re: GSM crypto upgrade? (was Re: Newt's phone calls)
At 3:41 PM -0800 1/16/97, Adam Back wrote:
Bill Frantz <frantz@netcom.com> writes:
At 4:39 AM -0800 1/16/97, Adam Back wrote:
- PIN for phone's RSA signature keys
It is not clear you need signatures in the secure phone case. Eric Blossom's 3DES uses straight DH for key exchange with verbal verification that both ends are using the same key.
How does Eric's box display the negotiated key to the user? (I don't recall the pair I saw having displays).
I have not seen the production box, I am going from my memory of Eric's preproduction description at a meeting last spring. I hope someone who knows what they are talking about will butt in here if I am wrong. The box has a 3 or 4 digit display which displays "something" about the 3DES key, where "something" is some of the bits, or a hash, or ... With 3 decimal digits, a MIM attacker has a 999 out of 1000 chance of getting caught. ------------------------------------------------------------------------- Bill Frantz | Client in California, POP3 | Periwinkle -- Consulting (408)356-8506 | in Pittsburgh, Packets in | 16345 Englewood Ave. frantz@netcom.com | Pakistan. - me | Los Gatos, CA 95032, USA
frantz@netcom.com (Bill Frantz) wrote:
The box has a 3 or 4 digit display which displays "something" about the 3DES key, where "something" is some of the bits, or a hash, or ... With 3 decimal digits, a MIM attacker has a 999 out of 1000 chance of getting caught.
Not true. It will take a MIM machine less than a tenth of a second to come up with a 3DES key that will have the same three digit hash. Remember the attack found about Clipper's LEAF hash, which was only 16 bits long?
participants (2)
-
Bill Frantz -
Liz Taylor