Comments on: Encrypt Your GSM Conversations http://www.deviant-abstraction.net/index.php/2006/06/22/encrypt-your-gsm-conversations/ Nicolas Toper's Digital Hub Fri, 30 Jul 2010 13:10:54 +0000 http://wordpress.org/?v=2.2.3 By: Anon http://www.deviant-abstraction.net/index.php/2006/06/22/encrypt-your-gsm-conversations/#comment-225 Anon Fri, 23 Jun 2006 08:29:52 +0000 http://www.deviant-abstraction.net/index.php/2006/06/22/encrypt-your-gsm-conversations/#comment-225 I have no fundamental complaint against software only encryption. What I would worry about is all the other software running on a PDA type device, not least of all the OS (Symbian, WinCE I assume?). Placing strong encryption (which AES or Twofish is) on the voice transmission is fine, all it does is move the weakest point in the system to another place. I would be wary of throwing a piece of software unto a PDA and assuming it was a secure system. There's a lot more to cryptography/security than just strong encryption of the the transmitted information. Have a look at cryptophone.de, they disable a lot of the PDA/OS functionality (e-mail, internet, IM etc.) to prevent those areas being exploited. - Having said that cryptophone.de then go and offer a windows client for using their cryptophone! So there I am, spending major money on a secure phone and talking to someone with the software on a windows PC! Again an advesary will always look for the weakest point....if one participant is using a windows PC for the call then that's where they would probably attack. I have no fundamental complaint against software only encryption.

What I would worry about is all the other software running on a PDA type device, not least of all the OS (Symbian, WinCE I assume?). Placing strong encryption (which AES or Twofish is) on the voice transmission is fine, all it does is move the weakest point in the system to another place. I would be wary of throwing a piece of software unto a PDA and assuming it was a secure system. There’s a lot more to cryptography/security than just strong encryption of the the transmitted information.

Have a look at cryptophone.de, they disable a lot of the PDA/OS functionality (e-mail, internet, IM etc.) to prevent those areas being exploited. - Having said that cryptophone.de then go and offer a windows client for using their cryptophone! So there I am, spending major money on a secure phone and talking to someone with the software on a windows PC! Again an advesary will always look for the weakest point….if one participant is using a windows PC for the call then that’s where they would probably attack.

]]> By: Nico http://www.deviant-abstraction.net/index.php/2006/06/22/encrypt-your-gsm-conversations/#comment-213 Nico Thu, 22 Jun 2006 19:09:47 +0000 http://www.deviant-abstraction.net/index.php/2006/06/22/encrypt-your-gsm-conversations/#comment-213 True and false at the same time. It is assumed the NSA is more advanced than scientific cryptographic community. Doesn't mean we cannot protect our privacy. In a way it is our job to do so. True and false at the same time. It is assumed the NSA is more advanced than scientific cryptographic community.

Doesn’t mean we cannot protect our privacy. In a way it is our job to do so.

]]> By: Kakma http://www.deviant-abstraction.net/index.php/2006/06/22/encrypt-your-gsm-conversations/#comment-212 Kakma Thu, 22 Jun 2006 19:00:10 +0000 http://www.deviant-abstraction.net/index.php/2006/06/22/encrypt-your-gsm-conversations/#comment-212 This is a ROT-26 encrypted text. Well soory for the bad joke but I really think there's nothing such as good encryption for common people. States will always take the means to break them, and as ecomonics become more and more a state matter (which is the paradoxal side of capitalism globalization), there's no way the market will give anything more than toys for James Bond fans... The point of all this : there's no such thing as security, it's just a state of mind and the best security is to assume your weakness/exposure. Enough with deep one-liners - I'm out. This is a ROT-26 encrypted text.
Well soory for the bad joke but I really think there’s nothing such as good encryption for common people. States will always take the means to break them, and as ecomonics become more and more a state matter (which is the paradoxal side of capitalism globalization), there’s no way the market will give anything more than toys for James Bond fans…
The point of all this : there’s no such thing as security, it’s just a state of mind and the best security is to assume your weakness/exposure.
Enough with deep one-liners - I’m out.

]]> By: Nico http://www.deviant-abstraction.net/index.php/2006/06/22/encrypt-your-gsm-conversations/#comment-210 Nico Thu, 22 Jun 2006 18:27:26 +0000 http://www.deviant-abstraction.net/index.php/2006/06/22/encrypt-your-gsm-conversations/#comment-210 Why do you think pure software encryption isn't a good approach? On the performance side I completely agree but I don't see why it is insecure. It depends how they build their code and how they implemented their algorithm. Being able to get a secure transmission is a good idea. One weakness in the algo: how would they get/exchange key with AES? I'm pretty sure the system can be cryptanalyzed around this. Especially since the carrier have access to all communication. Another point: the carrier can simply cut a secure line and this can be detected pretty easily. Why do you think pure software encryption isn’t a good approach? On the performance side I completely agree but I don’t see why it is insecure. It depends how they build their code and how they implemented their algorithm.

Being able to get a secure transmission is a good idea. One weakness in the algo: how would they get/exchange key with AES?

I’m pretty sure the system can be cryptanalyzed around this. Especially since the carrier have access to all communication.

Another point: the carrier can simply cut a secure line and this can be detected pretty easily.

]]> By: Anon http://www.deviant-abstraction.net/index.php/2006/06/22/encrypt-your-gsm-conversations/#comment-209 Anon Thu, 22 Jun 2006 18:02:40 +0000 http://www.deviant-abstraction.net/index.php/2006/06/22/encrypt-your-gsm-conversations/#comment-209 hmmmm....security whitepaper on their site talks about using Twofish and AES (in case one algorithm is broken). Similar approach is adopted by www.cryptophone.de Software only approach isn't necessarily a good idea...who knows how insecure the underlying OS or platform is? Plenty of other offerings in this realm out there, including www.gme.ie hmmmm….security whitepaper on their site talks about using Twofish and AES (in case one algorithm is broken). Similar approach is adopted by www.cryptophone.de Software only approach isn’t necessarily a good idea…who knows how insecure the underlying OS or platform is?

Plenty of other offerings in this realm out there, including www.gme.ie

]]> By: maladroit http://www.deviant-abstraction.net/index.php/2006/06/22/encrypt-your-gsm-conversations/#comment-204 maladroit Thu, 22 Jun 2006 15:36:24 +0000 http://www.deviant-abstraction.net/index.php/2006/06/22/encrypt-your-gsm-conversations/#comment-204 See also SecureGSM http://www.securegsm.com See also SecureGSM
http://www.securegsm.com

]]>