Upon request received in private email, here is more from the cellular
front:
A while back, I had a conversation with a well-known Swedish manufacturer of
encrypting digital mobile phones. The manufacturer is the primary supplier
of such phones to the Swedish armed forces.
When inquiring about the key management used by the phones, I was informed
that the phones contact a central key server prior to establishing a
connection. Naturally, I asked what would happen should the key server
become inoperable. Long-time readers of this list are probably not surprised
by the answer: "In that case, each handset reverts to using a system-wide
default key". Right... I see...
When I pointed out that it was not inconceivable that the central key server
might become inoperable in a time of crisis, the manufacturer told me that
this was highly unlikely, given that Sweden does not presently have any
enemies and thus the key server is therefore not considered threatened.
Makes you wonder why the armed forces would bother with deploying encrypting
phones. Or why the armed forces even continue to exist.
I have this theory that the present need for security products far exceeds
the number of individuals capable of designing secure systems. Consequently,
industry has resorted to employing folks and purchasing "solutions" from
vendors that shouldn't be let near a project involving securing a system. I
can't prove this claim, but I sure have the distinct feeling that this the
current situation.
--Lucky Green <[EMAIL PROTECTED]>
"Among the many misdeeds of British rule in India, history will look
upon the Act depriving a whole nation of arms as the blackest."
- Mohandas K. Gandhi, An Autobiography, pg 446
http://www.citizensofamerica.org/missing.ram
