DISQUS

AJS · 3 years ago

Unbreakable my a**e.

Diffie-Hellmann key exchange is vulnerable to "Man-in-the-Middle" attacks. Unless you performed the initial key exchange through some secure channel {say, InfraRed} then you can't be sure someone isn't pretending to you to be the person you called, and to the person you called to be you.

Also, without access to the source code, you can never, ever be sure that an encryption system is even half secure.

Todd · 3 years ago

The "initial key exchange" is performed before any communications are attempted (at setup time). The article specifically mentions "shared secret". By definition, this excludes a MitM type attack, unless the MitM is also in the circle of *allowed* communicators

Richard · 3 years ago

Isn't the Man-in-the-Middle attach mitigated by the hash on the display. When your friend on the other ends reads out the wrong hash you know something's wrong.

Matt · 3 years ago

AJS,
you read out the HASH checksum that is indicated on the display to teh person on the other end and if it matches then there is no man in the middle.

umm yeah · 3 years ago

Great idea really but the problem is that the key generation takes place before each call which means that it has to be transmitted. Someone watching the air waves could grab the keys as they fly by.

Anonymous · 3 years ago

Keys are never sent in clear. That's the purpose of the Diffie-Hellman algorithm. Key agreement. Both phones end up with the same shared secret after the algorithm is done. So, they can both use this shared secret for encryption of the voice channel. However, MitM is a concern with Diffie-Hellman. So, to protect against this, both phone compute a hash over the shared key and display this hash on the phone screen. When the phone call begins, one of the user must read the hash to the other user and they must make sure it matches. If not, there is a MitM and they will then drop the call. ZRTP is an extension to SRTP that use the same mechanism.

Best Regards,
Guylain Lavoie, M5T Inc.

Anonymous · 3 years ago

This phone is in fact a modified Sagem X8 (excellent phone btw)...

other · 3 years ago

Is there an Asterisk plug-in yet?

ShadowEyez · 3 years ago

Regardless of whether this particular system is secure (DH, 1024 bit RSA, 128 bit symmetric, closed source code) the fact that there is a phone that does this at all is a step in the right direction. Ideally it would not use DH, have a 256-bit AES key, 4096-bit RSA key, have open source encyrption routines with flashable firmware, and not make peoples voices sound like robots. But this is a good start that could LEAD to a phone like that.

Matt H. · 3 years ago

This reminds me a lot of CryptoPhone who did actually publish their crypto source. Users were encouraged to compile the source and verify that the results of the compilation were byte for byte identical with the contents of the firmware.

Also... Tanner/Lane-Smith/Lareau have some things to say about encrypting voice over the data channel in their DefCon presentation from last year [PDF].

My personal experience is that latencies in excess of 350 msec are typical over EDGE, so... get ready to pretend you're GI-Joe by ending every sentence with "Over."

Just remember... The DoD is moving away from DH over a finite field in favor of EQMV and ECDH (more info at http://www.cryptonomicon.net/msh/2006/02/no-dl-or-rsa-in-suite-b.html.)

Finally... When using DH, both parties need to be using the same values for the generator and the modulus. There was some concern in the 90's about insecure values for g and p; if an attacker could force you to use an insecure generator, he might be able to recover the agree'd key by listening in to the key establishment conversation. I seem to recall that Vaudenay published a similar attack for DSA.

In any event, the moral of the story is. Yawn. Another phone that encrypts voice over a high-latency GSM data channel. I'm not the worlds biggest fan of X.509, but it would be awefully cool if you could exchange self signed certs via IR or SMS, then make a non-encrypted call, verify the cert fingerprints, assign "trust" to the local copy of the cert and use this trusted cert as part of the authentication phase before key agreement.

DTLS (SSL for lossy, UDP style connections) was recently published. This might be a good option for people wanting to do this in the future. That way you could just do SIP/RTP over GSM (or WiFi) with DTLS configured to do ephemeral keying.

Just a though.

khaled abdullah · 3 years ago

we are tawassel company for communications
we want to buy 200 pecs of vectrotel x8

handbags · 3 years ago

http://tiny.pl/9mpp handbags handbags

David · 2 years ago

VECPROM was the first real partnercompany of SAGEM, who distributes the vectrotel in Eastern Europe. Great story/Great sucess.

ugran · 2 years ago

The new version of x8 have the same source code like the S3
The company vecprom says, that the S3 is saver then the new. Its logical, because their is no way to secure pictures or sms, it cost to much capacity. To secure not only voice, you can get vecprom dms. This is the network solution.

Mirat · 2 years ago

The device is one point; the network is the other thing. Only the combination with the modem, the x8 makes sense, when you will secure not only the voice. This is hugde expensive! The Vecprom DMS which is compatibliy to the Vectrotel cost around 7K Euro. Then you need more then 2000 computers on the edge and more the 2500 in the core and you have a 25percent chance to decrypt in 2 years. The luxery vecprom version costs around 22K Euro and you have no way to decrypt because the modem change the channel all 35 seconds.

Vali · 2 years ago

The complete VECPROM Solution makes a real sense. But this solution cost around 13K$. But without a officiliy legitimation, you cant buy nothing form VECPROM

Toni · 2 years ago

The x8 is only a part in the whole VECPROM roll out of Radio Encryptors, Facsimile Encryptors, Secure Terminals and Key Management and Station Center. In the Terminal-Management is the source-code.........Have fun and secrets...

Peter · 2 years ago

Only the whole programm from the edge to the core make sense. To protec the core you need the gouvernmental protection. Obviously have Vecprom this high level protection!!! Its not possible without this "roof" to act in the core because of the key-sources. To create the keys its a must to cooperate!

Siha · 2 years ago

VECPROM is in the line by the telecos; how can this works without protection? The x8 is coming from Sagem; Sagem is protected also. What is the result? What they will see and know, they knew and see...

urs · 2 years ago

I mean that their are 3 open doors. The sms. Then the pictures and of course last not least the network-link. When you write SMS or you send pictures, the door is wide open because you can not use the second channel. Sagem knows this and Vecprom also. In this moment when you connect your smart phone with the net, in this step you need the VECPROM DMS. Without the decryption module you are open. The question is, where is the secure source in this moment when you open the network link? The answer is simple: By VECPROM and so in the same step by the gouvernment.

johnson waithaka · 2 years ago

im keen to buy 50 sets of the cell phone encrypter.How do i now the government wount be listening in on the same? Does the person im calling need a similar phone or not for the communication to be secure?

Chanshivroop singh · 1 year ago

We need 20 unit of Vectrotel X8 in India.Please adviced us the full product details. Terms and condition and price including shipment charges

GlasseFrastet · 1 year ago

rosie@triad29.com

rosieponder@verizon.net

Not only do they try to rip you off, they send your email out and you get a ton of junk mail.

Jonathan · 1 year ago

How do I purchase this device?

Who do I contact? The hyperlink you have listed in no good.