On Tue, 23 May 2006 11:19:38 -0400, "Perry E. Metzger" <[EMAIL PROTECTED]> wrote:
> > Following the links from a /. story about a secure(?) mobile phone > VectroTel in Switzerland is selling, I came across the fact that this > firm sells a full line of encrypted phones. > > http://www.vectrotel.ch/ > > The devices apparently use D-H key exchange to produce a 128 bit AES > key which is then used as a stream cipher (presumably in OFB or a > similar mode). Authentication appears to be via a 4 digit pin, > certainly not the best of mechanisms. > A 4-digit PIN using EKE or its successors can be a fine thing for a voice phone -- it's rather hard to brute-force when the other end can't keep up... In fact, we mentioned that in our original EKE paper. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
