Active Eavesdropping of Clipper Phones
Bill_Stewart_HOY002_1305
wcs at anchor.ho.att.com
Thu Sep 30 09:21:54 PDT 1993
There are a variety of ways around Diffie-Hellman spoofing.
The current STU-III phones from AT&T, Motorola, etc., use several
approaches - there's the Crypto Igniter Key dongles that you need
to authorize your phone, which provides one form of out-of-band
authentication (partly authentication of the DH keys, but more important
is authentication that the person at the other end is probably cleared
for the level of classification you're running the call at);
there's also an LCD display on the phone that shows the other person's
DH half-key, so you can do voice verification if you want.
They may do other stuff as well.
Scott Collins mentioned the "digital signature on RSA keys",
which the Capstone phones probably do even though Clipperphones
probably won't. There are also tricks about sending half the key
at a time, though they're apparently still hackable.
Bill
More information about the cypherpunks-legacy
mailing list