1997-01-28 - Re: GSM crypto upgrade? (was Re: Newt’s phone calls)

Header Data

From: Eric Blossom <eb@comsec.com>
To: aba@dcs.ex.ac.uk
Message Hash: 4ba33e7b4b2ddc40baec10dee43064241744fb65aeed854fff87f954ba1d670d
Message ID: <199701282156.NAA04042@toad.com>
Reply To: N/A
UTC Datetime: 1997-01-28 21:56:39 UTC
Raw Date: Tue, 28 Jan 1997 13:56:39 -0800 (PST)

Raw message

From: Eric Blossom <eb@comsec.com>
Date: Tue, 28 Jan 1997 13:56:39 -0800 (PST)
To: aba@dcs.ex.ac.uk
Subject: Re: GSM crypto upgrade? (was Re: Newt's phone calls)
Message-ID: <199701282156.NAA04042@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>> It is not clear you need signatures in the secure phone case.  Eric
>> Blossom's 3DES uses straight DH for key exchange with verbal verification
>> that both ends are using the same key.  
>
>How does Eric's box display the negotiated key to the user?  (I don't
>recall the pair I saw having displays).

Latest versions have an LCD display that reports the type of crypto
being used (3DES), as well as 24 bits worth of SHA-1 of the public
exponentials exchanged.  Alice sends g^x mod p, Bob sends g^y mod p.
Let m = min(g^x mod p, g^y mod p) and n = max(g^x mod p, g^y mod p).
compute v = SHA (concat (OCTET_REP (m), OCTET_REP (n))).  Display the
high 24 bits of v.

>Also I thought it would be kind of cute if there were some way for
>phones to exchange their signature keys `face to face' as well.

Currently, absent some kind of widely deployed public key
infrastructure, there are no signature keys used.  This also means
that the units do *not* contain any long term secrets, just the
session key which is destroyed at the end of the call.

Eric







Thread