From: Eric Blossom <eb@comsec.com>
To: aba@dcs.ex.ac.uk
Message Hash: 4ba33e7b4b2ddc40baec10dee43064241744fb65aeed854fff87f954ba1d670d
Message ID: <199701282156.NAA04042@toad.com>
Reply To: N/A
UTC Datetime: 1997-01-28 21:56:39 UTC
Raw Date: Tue, 28 Jan 1997 13:56:39 -0800 (PST)
From: Eric Blossom <eb@comsec.com>
Date: Tue, 28 Jan 1997 13:56:39 -0800 (PST)
To: aba@dcs.ex.ac.uk
Subject: Re: GSM crypto upgrade? (was Re: Newt's phone calls)
Message-ID: <199701282156.NAA04042@toad.com>
MIME-Version: 1.0
Content-Type: text/plain
>> It is not clear you need signatures in the secure phone case. Eric
>> Blossom's 3DES uses straight DH for key exchange with verbal verification
>> that both ends are using the same key.
>
>How does Eric's box display the negotiated key to the user? (I don't
>recall the pair I saw having displays).
Latest versions have an LCD display that reports the type of crypto
being used (3DES), as well as 24 bits worth of SHA-1 of the public
exponentials exchanged. Alice sends g^x mod p, Bob sends g^y mod p.
Let m = min(g^x mod p, g^y mod p) and n = max(g^x mod p, g^y mod p).
compute v = SHA (concat (OCTET_REP (m), OCTET_REP (n))). Display the
high 24 bits of v.
>Also I thought it would be kind of cute if there were some way for
>phones to exchange their signature keys `face to face' as well.
Currently, absent some kind of widely deployed public key
infrastructure, there are no signature keys used. This also means
that the units do *not* contain any long term secrets, just the
session key which is destroyed at the end of the call.
Eric
Return to January 1997
Return to “Eric Blossom <eb@comsec.com>”
1997-01-28 (Tue, 28 Jan 1997 13:56:39 -0800 (PST)) - Re: GSM crypto upgrade? (was Re: Newt’s phone calls) - Eric Blossom <eb@comsec.com>