Re: The Crypto Home Shopping Network
I think RC4 is the 32 bit cypher used in cellular phones throughout Europe. Rumour has it it can be cracked in realtime. The actual cypher is secret though, which makes it *very* interesting that it'll be available in a software product. The phones use custom chips... G
From: gtoal@an-teallach.com (Graham Toal) I think RC4 is the 32 bit cypher used in cellular phones throughout Europe. Rumour has it it can be cracked in realtime.
I dunno whether that's RC4, but RC4 is a stream cipher developed by Rivest. It's not patented; instead, RSADSI licenses it only as an object module. RC4 and RC2 (a block cipher) use variable-length keys, and can be exported if the key length is 40 bits or less. (Naturally, they're not very strong when used this way...) Eli ebrandt@hmc.edu finger for PGP key.
Eli Brandt says:
I dunno whether that's RC4, but RC4 is a stream cipher developed by Rivest. It's not patented; instead, RSADSI licenses it only as an object module.
I believe you get sources if you get a source license for their stuff. I may be wrong, but I was going through the process of getting a license for Lehman Brothers when I was there, and I don't recall anything about objects only for RC2 and RC4... Perry
Graham Toal says:
I think RC4 is the 32 bit cypher used in cellular phones throughout Europe.
No. (RC4 is simply Rivest Cipher 4, or Ron's Cipher 4. Its a stream cipher that RSA sells. It has nothing to do with the GSM standards.)
Rumour has it it can be cracked in realtime.
No. (It is true that only 40 bit key (or smaller) versions of RC4 are exportable, and that exported RC4 is often pretty quick to crack as a result. Even under this limited sense of the exported keysize-limited versions, however, it isn't real time.)
The actual cypher is secret though,
No. (Its merely trade secret protected -- you get full details if you buy a license from RSA, which is not an uncommon thing. No security clearances or anything. If you have a copy of any one of several Lotus or other programs you have RC4 right on your machine, and if you have a disassembler you can likely find out exactly how it works.)
which makes it *very* interesting that it'll be available in a software product.
No. (Its available all over the place. Dozens of products in your local computer store use it, and all are software.) Perry
I think RC4 is the 32 bit cypher used in cellular phones throughout Europe. Rumour has it it can be cracked in realtime. The actual cypher is secret though, which makes it *very* interesting that it'll be available in a software product. The phones use custom chips...
No, RC4 is not the European cellular phone encryption algorithm, but that 32-bit figure *has* come up in discussions of what NSA will allow the carriers to put into next-generation digital cellular telephones. The fact that NSA lets out RC2/RC4 with 40 bit keys, but is limiting new algorithms for cellular to 32 bits may or may not say something about the strength of RC2/RC4. I believe the current context for the discussions is data services, as opposed to voice services. This is of course a tempest in a teapot since cellular data users will be in a much better position to encrypt for themselves using whatever algorithms and protocols they like. The battle for digital cellular voice privacy, on the other hand, was lost several years ago. And most cellular users will not be in a position to add their own strong encryption, especially since it usually requires the cooperation of the carrier. Phil
Phil Karn writes: No, RC4 is not the European cellular phone encryption algorithm, but that 32-bit figure *has* come up in discussions of what NSA will allow the carriers to put into next-generation digital cellular telephones. By "allow", I'm assuming that you mean "allow for export". Or, are you saying that they won't allow strong crypto in *domestic* next-generation cellular phones? What forms have the "incentives" or "disincentives" taken? Eric Blossom
By "allow", I'm assuming that you mean "allow for export".
Technically, yes.
Or, are you saying that they won't allow strong crypto in *domestic* next-generation cellular phones?
De facto, if not de jure. As has been the case for several years, the NSA publicly maintains that it is not interested in controlling the domestic use of strong cryptography. But the standards committee that controls this stuff (the TIA TR45.0.A "Ad Hoc Authentication Group") is made up largely of the technically incompetent and/or "spook wannabees" sympathetic to the government. With a single exception, the members all represent cellular vendors and carriers, not end users. The single exception is a NSA R&D employee legitimately representing the US government as a potential end user of digital cellular.
What forms have the "incentives" or "disincentives" taken?
It is clear that without a strong, organized demand by the US public as a whole for meaningful cell phone privacy, the cellular industry has no real incentive to provide it. NSA only had to suggest very quietly that the lack of meaningful cryptographic privacy would make it much easier to export digital cellular technology, and the industry quickly got the hint. After all, they were really only concerned about cellular fraud in the first place (hence the use of "authentication" in the group name) and they'll care about end-user privacy only if it hits them in the bottom line. So far it hasn't. Indeed, we're now starting to see protests and demands for real privacy from some of our potential non-US customers; how we could ever meet it under the ITARs is a good question. Phil
participants (5)
-
Eli Brandt -
Eric Blossom -
gtoal@an-teallach.com -
Perry E. Metzger -
Phil Karn