Perry E. Metzger wrote:
Following the links from a /. story about a secure(?) mobile phone VectroTel in Switzerland is selling, I came across the fact that this firm sells a full line of encrypted phones. http://www.vectrotel.ch/ The devices apparently use D-H key exchange to produce a 128 bit AES key which is then used as a stream cipher (presumably in OFB or a similar mode). Authentication appears to be via a 4 digit pin, certainly not the best of mechanisms.
According to - http://www.ohgizmo.com/2006/05/22/vectrotel-provides-secure-mobile-communications/ > Additional security and integrity is ensured by a calculated > HASH checksum that is indicated on the display. > > To protect you from misuse by a third party we secured the > crypto functions by a user-determined PIN code PINs are not used for phone-to-phone authentication, only user-to-phone. Though the article is full of obvious mistakes, so they might've gotten this part wrong too. Alex --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
