[liberationtech] Cellcrypt?
Fabio Pietrosanti (naif)
lists at infosecurity.ch
Wed Feb 8 08:35:09 PST 2012
<DISCLAIMER>
I work since 2006 as a CTO for a company competitor of Cellcrypt
</DISCLAIMER>
It's a proprietary encryption technology, not subject to auditing to
anyone other than government customers.
It follow a "legacy" technological approach to cryptography by
leveraging secrecy, that's something in the culture of military
encryption technologies.
There are existing IETF standard protocols to satisfy almost any VoIP
encryption needs and a wide range of software (opensource/commercial,
desktop/mobile) that let you do encrypted phone calls on different
security model (end-to-end vs. end-to-site).
You can read an overview of most voice encryption related security
protocols (proprietary and non-proprietary) with a bit of history on
http://www.slideshare.net/fpietrosanti/voice-securityprotocol-review
I consider Snake-Oil [1] any approach that doesn't use:
- open standards
- open code (at least for encryption)
As my personal effort for transparency i managed the release of
implementation of cryptographic modules on http://zrtp.org .
Additionally you should pay attention to protect the SIGNALING, as the
phone-call-logs analysis could provide a worst impact on user privacy
than the content of a conversation.
Almost any interception goes before with an analysis of the
phone-call-logs (CDR) in order to detect targets in a communication
social network.
SIP/TLS (SIP over TLS) provide that kind of protection.
If you use a DHE capable SIP client, you can achieve also Perfect
Forward Secrecy protection for signaling (as long as you don't keep log
on server).
-naif
[1]
http://infosecurity.ch/20100719/snake-oil-security-claims-on-crypto-security-product/
On 2/8/12 5:10 PM, Cyrus Farivar wrote:
> Anyone done or seen any audits on Cellcrypt?
>
> http://www.cellcrypt.com/cellcrypt-mobile
>
> Best,
>
> -C
>
_______________________________________________
liberationtech mailing list
liberationtech at lists.stanford.edu
Should you need to change your subscription options, please go to:
https://mailman.stanford.edu/mailman/listinfo/liberationtech
If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"
You will need the user name and password you receive from the list moderator in monthly reminders.
Should you need immediate assistance, please contact the list moderator.
Please don't forget to follow us on http://twitter.com/#!/Liberationtech
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
More information about the cypherpunks-legacy
mailing list