Well, this all sounds fine and dandy, but... 1) They are not passing out the algorithym, and I dont trust ANYONE to tell me its secure. I am not a cryptographer, so it wouldn't help any if they gave the code to me, but it just being out there for public perusal helps me to think it IS secure. I trust no payola. 2) It is very possible that the 'criminal' effort may be able to modify these devices so that there is no possiblility for the agencies to decrypt their trasmissions (If it IS truly secure with no backdoors or decyphering possibilities) in which case, it can only harm the law abiding. 3) It allows the government the ability to determine WHAT encryption method industry uses, and they should be able to have a choice. Those who understand this very misleading comment will understand, those who do not, will prolly never be able to. 4) No explanation of what the 'key' contents are composed of (numbers, letters, alphanum, characters, some odd cyphercode???) is even implied. 5) No explanation of how the key is propegated or if it will even be needed for the remote site is mentioned. How are the remote sites going to decypher your cyphersounds(text)? There was no mention of further releases in information...is this all we get? treason@gnu
Date: Fri, 16 Apr 1993 15:13 CDT From: treason@gnu.ai.mit.edu Well, this all sounds fine and dandy, but... 1) They are not passing out the algorithym, and I dont trust ANYONE to tell me its secure. ... 4) No explanation of what the 'key' contents are composed of (numbers, letters, alphanum, characters, some odd cyphercode???) is even implied. 5) No explanation of how the key is propegated or if it will even be needed for the remote site is mentioned. How are the remote sites going to decypher your cyphersounds(text)? There was no mention of further releases in information...is this all we get? treason@gnu Question (5) is particularly acute. Offhand I can think of two ways the remote site might decrypt the message: 1. If the two phones can talk to each other then the originator phone might ask the receiver phone for its public key (as in public key cryptography) and then use this to encrypt the message. (The receiver phone then decrypts with its private key.) But since the encryption is occurring in real time, this is probably not feasible unless short keys are used. 2. The originator phone might simply send the encryption key down the line, perhaps itself encrypted or disguised in some way. If so then it might not be too hard to discover the key. In this case all security lies in ignorance of the encryption algorithm used (violating crypto- logical principles). It probably wouldn't be too long (at most a year or so) before someone figures out what the algorithm is, in which case all security is compromised. However, security in particular cases is relative to the expertise of the attacker, so it might still be the case that one's neighbors and business competitors could not decrypt the message, even if XYZ Security Consultants could. -- Peter Meyer
participants (2)
-
Peter Meyer
-
treason@gnu.ai.mit.edu