From: wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Mon, 10 Jan 94 17:21:57 PST
To: cypherpunks@toad.com
Subject: Re: Crypto not being used where needed
Message-ID: <9401110121.AA25609@anchor.ho.att.com>
MIME-Version: 1.0
Content-Type: text/plain


h
There are two different problems with eavesdropping cellular calls:
- trying to find a *specific* person's calls
- trying to find any interesting call.
The former is still hard, but if unencrypted cellular credit-auth
boxes become widespread, all you'll have to do is set your scanner to
listen for 1200-baud tones and match for patterns that look like
credit-card requests, since you don't really mind *who* you rip off.
This is not good.  One way around it is to use public-key crypto;
however, simple symmetric-key crypto with different keys per vendor
should be adequate, and the paper-trail for setting up credit-card service
gives you a key distribution mechanism.