Re: Secure comm program, Sockets + LINK
How do STU-III phones work then? Do they have some key in rom?
I don't remember the details (and if I did I'd have to kill you :-), but they use a little plastic key-shaped dongle that's got some memory in it, probably EEPROM, which contains keying information. Each key works in only a few phones, and each phone only supports a few keys. The keying information tells it what level of classification the phone is authorized for when the key is in it, and phone calls negotiate that when they set up. If the phone decides it doesn't like something, it's able to zero out the key's memory.
I dunno enough about STU-III phones. Maybe they don't care about man in the middle, or maybe they use fixed conventional of some sort for authentication. I have a vague memory of someone telling me that some of them have code keys.
When you're making a TOP SECRET phone call, you *do* care about man in the middle, just as you care about being in a soundproofed room. The session key exchange is done with Diffie-Hellman with authentication; I'm not sure if the authentication uses public-key or secret-key technology, but my guess is it's basic secret-key stuff. The military version of the phone uses classified secret-key algorithms, so presumably the key handling does too. Bill
participants (1)
-
wcs@anchor.ho.att.com