×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

German Crypto Mobile Announced

Hemos posted more than 12 years ago | from the making-things-encrypted dept.

Encryption 112

XMLGuy writes "The first German crypto mobile phone is to be built by Rohde and Schwarz - a company that took over the hardware-crypto segment of Siemens at the beginning of May this year. At the push of a button the mobile phone (they are called "handies" here in Germany) will set up an encrypted communications link with your communications partner. According to heise online, the mobiles then use a 128 bit key to encrypt the channel. One of the technicians is quoted as saying that "A thousand pentium computers would need over 10 years to decrypt a 10 minute phone-call". The mobiles will cost around 6000 German Marks. " You know where the the fish is for translation.

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

112 comments

128 bits encryption is strong (1)

Anonymous Coward | more than 12 years ago | (#187616)

128 bits is in my opinion much harder to crack then what is said here. I seriously doubt that 1000 Pentium (even 1.7Gz) could crack a 128 bits encryption in 10 years. I think it was just a way to say that their encryption is strong to the public.

Take a look at the RC5-64 challenge. The key is "only" 64 bits. According to www.distributed.net [distributed.net] , the computing power on RC5 is about 160000 PII 266Mhz working 24/7. d.net RC5-64 effort has been running since 1997 and it has not yet exhausted 50% of the keyspace. 128 bits encryption would be 2**64 times harder than RC5-64. That's a lot more!

This is why I believe 128 bit encryption is not crackable with today's technology. We would need a serious breakthrough in computer technology to crack 128 bits. 128 bits encryption might be secure for a couple of centuries even taking into account Moore's law.

Don't underestimate the power of numbers.

Re:A better way to do this? -- Sadly..no (2)

Anonymous Coward | more than 12 years ago | (#187617)

Alas, what you have just described is a flooding route algorithm...these tend to be hideously inneficient... Plus, How would you call from the US to Europe? While this does have some potential for very small networks, it would be unworkable for any decent network, and with a small network your range would be extremely limited. But, now for the real killer..... Think if you you have 1000 people with this phone, and they all stand eqidistant from each other inside of a large circle, then the circle is rougly 35 people across. So that means that your HTL already needs to be at least 35, and that is the optimimum case! Realistically it would have to be at least double that! Plus, using the same optimal confguration, we can see that the traffic density near the centre is quite high. If the distribution was more belt like, those mobiles in the middle really need to receive and pump out a _lot_ of data... It is a nice idea, but try a few simulations of a) flood routing b) traffic flow (even assuming perfect routing) and you will see why this is not so great.... Paul

The "thousand pentium" quote must be nonsense (1)

Paul Crowley (837) | more than 12 years ago | (#187618)

Donning my "crypto expert" hat for Slashdot once again...

I find it very hard to believe that anyone implementing a new system would build something that it was so practical to break. In general, it's not much harder to build a cryptosystem requiring all of the world's computing resources for millenia. Either they had some *very* funny tradeoffs to make, or they've seriously screwed up, and employed people with no clue about modern crypto engineering, or that quote came from someone who did not appreciate the real strength of the cryptographic components used.
--

Re:So Germany IS More Free Than the US? (2)

joss (1346) | more than 12 years ago | (#187619)

> I was always led to believe that the US had more freedom than any other country in the world.

Yes, I'm sure you were. However, who by ? what country did you hear this in ? The USA doesn't need government sponsored propoganda, they have something much more powerful - profit sponsored propoganda. Any mainstream newspaper or television program that tried to criticise America would lose audience fast. It would be "un-American" of them, and besides Americans all know that the USA is the best country in the world, so they would not just piss people off, they would lose respect because people wouldn't believe it anyway.

There is a vicious circle at work here. The main reason that Americans are so incredibly patriotic is that throughout their lives almost everything they hear reinforces the notion that America is the best (richest, most free, most tolerant, etc) country on earth, so why shouldn't they be proud of that. However, since the majority believes this completely, it would be very unwise for a publication that wishes to be bought, or a show that wants to be watched, to say anything that reflects badly on America [as compared to other countries]. The media can happily complain about things like crime, drugs, morality, etc but these are internal issues, and if any comparison is offered it will generally be with the past rather than with foreign countries. It just won't get mentioned.

Foreign news is virtually never mentioned on US television unless it's in such a way as to reflect well upon America. For example, you'll get a story like - "American troops fly into East Timor to protect the natives from gangs of thugs." The earlier story: "US trained and funded death squads kill 1/3rd of population of East Timor to supress an independence movement that could damage the interests of US oil companies in nearby waters" is much less likely to make people feel good about themselves, happy with your publication, and likely to read you again. This phenomena is not unique to US by any means, it's just rather more pronounced there than other places I've stayed.

IMO America is a good country in many respects, but general knowledge about the state of the world outside the US is not it's strong point.

Re:There is a backdoor.. (1)

Christopher Craig (1394) | more than 12 years ago | (#187620)

Even if it is DES, there is no backdoor. There is no known "better than bruteforce way" of cracking DES. What EFF and d.net did was simply design systems to exhaust the keyspace (bruteforce) of DES in a shorter about of time. In particular EFF (who did about half of the keys done on d.net in the last DES challenge) designed a system that was specifically optimized at the hardware level for trying DES keys as fast as possible.

I'm not suggesting that we should all run out and use DES for serious security, but please don't spread the misinformation that it has a backdoor.

Re:Swedes has sold Crypto GSM phones for a long ti (1)

bodin (2097) | more than 12 years ago | (#187621)

Sold to US Defense Department and NATO as well if you check out the pressreleases [sectra.se] .

Swedes has sold Crypto GSM phones for a long time. (3)

bodin (2097) | more than 12 years ago | (#187622)


Sectra in Sweden has been selling crypto GSM phones for a very long time.

http://www.sectra.se/ [sectra.se]

Check out their "Tiger-phone" [sectra.se] which is a combo GSM/DECT phone with built in crypto.

Sold to the Swedish military.

Whither Starium? (1)

Jeff Kandt (6763) | more than 12 years ago | (#187623)

Quite some time ago I was excited to hear about Starium [starium.com] , a company founded by some folks with much crypto-cred (cypherpunk Eric Blossom, father of public-key crypto Whitfield Diffie) to provide voice encryption products. They claim to be working on an add-on unit [starium.com] (pdf flyer [starium.com] ) for regular analog phones as well as licensing their encryption for inclusion in digital phones.

This almost two-year-old Wired article [wired.com] says they were planning to release "sub-US$100 telephone scrambling devices" by "early-2000."

Anyone know what's taking so long?

-Jeff, www.scrollbar.com [scrollbar.com]

Re:Some more translation (2)

astrashe (7452) | more than 12 years ago | (#187624)

It seems to me that this is a situation where open standards/open source is important.

What happens if your $3k phone turns out to have a weakness in it? A crummy pseudo-random number generator or a more mundane bug? Or what happens when your neighbor buys a doohickey that plugs into a visor or a WinCE box that gives him the same functionality for $150? How do you know you can trust the chip?

But are they open? (1)

GiMP (10923) | more than 12 years ago | (#187625)

This would be great to have in the states, but do they provide a method to change the software on the phones.. and provide the source to the software? I really wouldn't trust anything like this without know that I would be safe from backdoors!

Can we really trust a company to Do The Right ThingTM? Sure, even with a backdoor.. this will keep you from being spied on by your kid sister, but what about Big Brother?

We must demand that our devices using encryption MUST be open enough that we can verify our freedom.

Re:Eggs in a hailstorm (2)

Detritus (11846) | more than 12 years ago | (#187626)

I've been told that Qualcomm was thinking about including encryption in the CDMA mobile phone standard. Under heavy pressure from the U.S. Government, the encryption algorithm was changed to XORing a static bit pattern with each frame of data. Needless to say, this is trivial to crack.

sure sure.. (2)

RAruler (11862) | more than 12 years ago | (#187627)

Yeah, but if they're going to go to the trouble to listen in on your phone calls, why not the oldschool way of getting a high gain directional microphone, if your phone calls are that goddamn important, a shady black van is probably following you. Even more so, 'Big Brother' could just put listening devices into the phones before they get shipped out, and who really uses Cell Phones for secure communication?

---

This is not as impressive as it sounds: (3)

Mr. Flibble (12943) | more than 12 years ago | (#187628)

the mobiles then use a 128 bit key to encrypt the channel. One of the technicians is quoted as saying that "A thousand pentium computers would need over 10 years to decrypt a 10 minute phone-call

As outlined in Cracking DES [oreilly.com] , an algorithm can take years to crack using a conventional computer. However, if you custom design a computer from the ground up (not as difficult as it might sound) to specifically attack the algorithm, the encryption can fall quite quickly, as it does with DES. *

I think that encryption should be evaluated on the strength of the algorithm, not on how many brute force attacks it would take to defeat it. (This is what is mentioned by Schneier in Applied Cryptography [counterpane.com] .)

* For those of you who doubt this, read the book.

So what ? (1)

El Cabri (13930) | more than 12 years ago | (#187629)

There is nothing new in this product. Crypto cellphones have been available since cellphones were available. For an other exemple:

EADS-DSN [eads-dsn.com]

The subject line demanded it (2)

Robotech_Master (14247) | more than 12 years ago | (#187630)

[We fade in on the Crypto Cave, where our heroes Hellman and his faithful sidekick Diffie are relaxing after a strenuous workout. Suddenly, an alarm sounds!]

Diffie: Holey encryption algorithms, Hellman! It's the Encrypted Signal!

Hellman: Indeed. The RIAA must be up to its old tricks. Quickly, Diffie--to the German Crypto Mobile!

Diffie: Atomic random key generators to power . . . one-time pad to speed . . .
--

Re:GSM Encryption (1)

Spruitje (15331) | more than 12 years ago | (#187631)


The data streaming between the phones and towers of a GSM network is already encrypted with one of two algorithms, A5/1 and A5/2. A5/1, the "stronger" variant, is in use in virtually every GSM network currently operating.


Yup, the data is encrypted between the towers and the phone.
But not between the towers and the switch!!
So, it is very easy for any government agency to listen in on a conversation.
Because there is no encryption between the tower and the central switch!!

Re:Am I wrong? (1)

Spruitje (15331) | more than 12 years ago | (#187632)


On any hardware device, especially one with analog circuits (like a cell phone) there can be plenty of sources of randomness: background static in the microphone, fluctuations of the RF signal. It should be quite easy to seed a random number generator from these sources. Even if the random number generator is known, it is not always possible to even remotely guess at what the next numbers will be without knowing the seed and internal state.


An analogue cellphone?
Do they still make them?
In Europe, Asia and Afrika we all use digital cellphones.
This is called GSM.
And this system already uses encryption.
Between the phone and the tower...

3G does some level of distribution (1)

ArchiBear (19772) | more than 12 years ago | (#187633)

> or- Distributed mobile phones.
>
> An Idea that I've been kicking around in
> my head for a while is the concept of a
> distributed mobile phone. Each Phone acts
> as a transmitter for your call, and a
> forwarder for other calls.
> Thus, as the number of phones sold
> increases, so does the total range of
> the system

Actually, the specifications for 3G phones do
have something like this as a capability.
However, I can't quite see this one flying as
the general basis for a network - I mean, do
you really want your battery power to be used
up forwarding other people's phone
conversations?

Re:Ok, I think some people here are missing the po (2)

abelsson (21706) | more than 12 years ago | (#187634)

GSM Cell phones are already encrypted (although weakly) - and it's a worldwide standard, with hundreds of millions of users. Eavesdropping on that is a bit harder than casual scanning.

But you're right, even weakly obfuscating something stopps atleast 95% of all attackers. Not everything needs to have military grade encryption..

-henrik

Re:There is a backdoor.. (2)

abelsson (21706) | more than 12 years ago | (#187635)

I'm sorry, you misunderstood me. I meant backdoor in the sense that it (the phone) doesnt live up to it's claim of "128bit security". I also never claimed DES has a backdoor, only that this phone has one. (it was merely my own speculation that it might use DES)

But you're right. There's no publically known way of breaking DES that is better than bruteforce. Then again, with a 56bit keyspace it doesnt matter, because searching through 2^56 keys is practical. (TrippleDES is probably secure though, with a 112bit keyspace)

But then again, a pissing contest over keylengths is irrelevant. There are better ways of cracking encryption.

-henrik

There is a backdoor.. (3)

abelsson (21706) | more than 12 years ago | (#187636)

Quote 1:...use[s] a 128 bit key to encrypt the channel.
Quote 2: ...A thousand pentium computers would need over 10 years to decrypt a 10 minute phone-call.

1) A 128 bit string has roughly 10^38 possible combinations (keys)
2) Assuming a pentium chip can perform 1 million decryptions per second of the algorithm 1000 pentiums working for 10 years would try roughly 10^17 keys - which is equivalent with a 58 bit real key length. (suspiciosly similar to DESes 56bit, maybe they use DES with some custom key magic to be able print "128bit keys" on the box)

This means there's a better than bruteforce way of cracking the algorithm used and this phone probably shouldnt be used for anything important (as we all know, des can be cracked in hours by d.net, probably in minutes or seconds by intelligence agencies)

Also, even if it isnt DES.10000 pentiums (1yr) - or more likely, a custom chip (much less), is not outside the reach of intelligence agencies or even large companies.

-henrik

This can easily be cracked (1)

fitsy (22336) | more than 12 years ago | (#187637)

By using tried and trusted techniques:

http://www.ii.uib.no/~larsr/craptology/crv0n1-2. ht ml

This is a good read on the subject :-)

Re:Am I wrong? (1)

Hast (24833) | more than 12 years ago | (#187638)

It's still transmitted in an analogue fasion. Using normal radio tech. (Well not really "normal" but it's not magic. ;-)

Re:A better way to do this? -- Sadly..no (1)

Basje (26968) | more than 12 years ago | (#187639)

Besides, telephone batteries would last muc shorter. Many telephones have a much larger standby time than speaking time. This is because during calls much more transmissions take place and thus more energy is used, than during standby, at which time there's only some polling the 'server'

When you do routing, esp in the center of the population, the maximum amount of energy would be used all the time. Thus, a 50 hr telephone would only last about 1/2 an hour. That's just not acceptable.

----------------------------------------------

Encryption or frequency hopping? (1)

jonathanclark (29656) | more than 12 years ago | (#187640)


Any decent 128bit encryption would require a 1000 pentiums to work for... oh say.. the lifetime of the planet earth (at which point the power would fail). If it only takes 10 years then that smacks of weakened security mandated by the government.

From the article it almost sounds like they are using frequency hopping with a 128bit random function. I'm not sure but that might be legal in more countries because the data is not actually encrypted or decrypted - just the frequency path followed.

Some more translation (3)

harmonica (29841) | more than 12 years ago | (#187641)

I don't want to translate all of it, just some interesting parts:
  • cellphone looks like a Siemens S35i
  • it's not made by Siemens but a smaller enterprise that was created from one of Siemens' departments
  • unencrypted calls work just like with normal cellphones
  • for encrypted calls, the user presses a special key and then enters the number; a GSM-like data channel [I don't know whether there might be a better translation] is opened and data encrypted by a stamp-sized chip is transferred
  • the encrypted connection only works if the other person has a matching cellphone or an ISDN telephone with a corresponding encryption device
  • in some countries, the use of such a cellphone is forbidden
  • price is DM 6000, which is about USD 3000
  • German secretary of the interior Otto Schily got one for free

Re:A better way to do this? Already been done... (3)

Holger (36233) | more than 12 years ago | (#187642)

Your idea isn't new. A german inventor had something like that worked out about five years ago, they are finally through the patenting process and are starting to produce actual hardware. Check out www.dirc.net [dirc.net] . Unfortunately the original idea "user buys equipment once, no further costs" has been dropped in the process. Now the business model is more along the lines of "provider buys lots of them and rents them out to consumers". But still pretty cool tech.

Re:This is not as impressive as it sounds: (1)

pheede (37918) | more than 12 years ago | (#187643)

If it 'only' takes a thousand Pentiums (Pentium 133? Pentium 1GHz?) around ten years to crack their 128-bit algorithm, it's one lousy algorithm that doesn't use all 128-bits of entropy.

A custom hardware design is very effective compared to a conventional attack (as aptly demonstrated by EFF and distributed.net [distributed.net] in the RSA DES contests). However, it doesn't matter how fast your chip is if you use long enough keys (and >=128-bit keys are long enough). Try to do the math: even if testing a huge 10^12 keys per second (or more) it will take a long time to bruteforce a 128-bit key.

Basically all algorithms used today are 'strong', or rather, believed to be strong. This includes DES, Blowfish, RC4, RC5, IDEA, CAST etc. This means that it is only their key length that decides how hard it is to crack. Viewed in this light DES' 56-bit isn't enough. RC4 used with a small 40-bit or 56-bit is also vulnerable. Even so, the DES and RC4 algorithms themselves are strong. This is why it is feasible to bruteforce DES with a custom VLSI chip design: the key is simply to short. Doing a bruteforce on a strong 128-bit algorithm is futile whether doing a hardware or software-based attack.

Sometimes its better to hide out in the open. (1)

ElvenKnight (40562) | more than 12 years ago | (#187646)

What bothers me most is that one day the US just decides its ok to export encyrption now. Why? Because the hell with a thousand pentium computers, they probably have quantum super computers hidden deep in Area 51 by now. :)

But think about it. What does going out of your way as a consumer to buy 128-bit encryption do? NSA and other snooping agencies in the world have a problem. Soo many communications going on, every teenager has a cell phone now adays yakin about who knows what. But if you go out of your way to encrypt your conversation, then in my opinion you FLAG yourself as worthy of some super-brute force snooping action.

Now if EVERYONE had the simple luxury of one push of a button crypto, then awesome. You'd be hiding out in the open again. But I bet they pay particular interest to the first bunch to run up and grab these phones.

Ohh Yes, can I buy a bullseye for my head too!

Just remember, the government likes to have about a decade or two of advance technology above and beyond what the consumers have access to. They like that buffer zone of protection, so if they are ok with encryption now.. be afraid, be VERY afraid of the new toys they probably just developed.

There was a time the whole world didn't even have billions of dollars, now we have a country that commands trillions and only recently decided they have SOO MUCH, that they are now actually willing to give 1.35 trillion BACK to people, Woah.. they must REALLY be hiding something.

-Matthew

G3 DIY implementation? (1)

xixax (44677) | more than 12 years ago | (#187647)

So if I had a really funky G3 phone that could pull decent bandwidth, I could do voice over IP and run it through an encrypted PPP and be able to talk to other phones even if they weren't of the same brand? As a bonus, the encryption would be in software rather than on a chip.

And a bans on software implementations would a lot harder to enforce.

Xix.

A better way to do this? (4)

E1ven (50485) | more than 12 years ago | (#187648)

or- Distributed mobile phones.

An Idea that I've been kicking around in my head for a while is the concept of a distribted mobile phone. Each Phone acts as a transmitter for your call, and a forwarder for other calls.
Thus, as the number of phones sold increases, so does the total range of the system.

Such an infrastructure would be, in a similiar way to the internet, very resistant to attack, and the loss of nodes would not defeat the entire network.

To handle encrpytion, such as in the article, two phones could by sync'ed, via an infrared channel (when the two persons were physically close together), upon which point they would exchange their respective public keys.

To get from Phone A to Phone E, the message hops out, from phone to phone, looking for way to phone E.
Each hop, it increases it's HTL by one.
When it arrives at the Phone E, E checks the HTLs of messages that arrive, and then sends back a message that attempts to take a similiar route.
(ie, if a node is missing, it will hop around, looking to get back ont he chain, or, to get back to phone A)

Does this sound like a viable phone model?


--

This message brought to you by Colin Davis

Software encrpytion through GSM phone (2)

ikekrull (59661) | more than 12 years ago | (#187650)

With the amount of processing power being put on phones these days (to play games, MP3s and PDA functions mostly), it won't be entirely unfeasible to implement an encrypted IP-based phone/data system tunneled inside the standard one using the OS on the phone itself to run the encryption/decryption functions. Anyone got Linux running on a cellphone yet?

Re:Pentium what? (1)

Dr. Blue (63477) | more than 12 years ago | (#187651)

Clearly this was just made up without thinking about it at all. Let's work backwards starting with the idea of brute-forcing a 128-bit key and see what we get:

2^128 keys, divided by 1000 machines, divided by 315576000 seconds in 10 years, gives right around 10^27, or 0.5*10^27 trial encryptions on average. So these 1000 machines would have to do 0.5*10^27 trial encryptions per second in order to break a 128 bit key. Assuming a 20-cycle/encryption machine, that means that you'd need a 10^28 Hz machine for each of these. That's a 10 Giga-Giga-Giga Hz machine (there's probably another name for it).

So assuming that the encryption scheme is sound (requiring brute force for attacks), this is a lot more secure than they're suggesting here...

So Germany IS More Free Than the US? (1)

Louis Savain (65843) | more than 12 years ago | (#187652)

I was always led to believe that the US had more freedom than any other country in the world. What are the chances that this encrypted phone technology will be allowed in the US without some backdoor for the government to snoop in?

I mean we can't let people hide things from the government, can we? What with national security, organized crime, the war on drugs and all the usual excuses! These things take precedence over freedom! Not.

6000 DM ?!?!? (2)

Thomas Miconi (85282) | more than 12 years ago | (#187657)

6000 Deutsche Mark amount to roughly US$ 2600 !

I'm afraid this will seriously reduce the market for this nifty little toy.

Thomas Miconi

Surely only useful if both people have them (1)

Dr_Cheeks (110261) | more than 12 years ago | (#187659)

Tech:....no, when it says reset your password you need to reset your password....

PHB: Wait, passwords? What if my phone is being monitored? I'd better encrypt this...

Tech:Wait! Those phones are way too expensive and I don't have one to decrypt yours!

PHB: [crackle, hiss, crackle, etc]

Re:cannon fodder? (1)

-brazil- (111867) | more than 12 years ago | (#187660)

Mea culpa, should have read the article.

No, you can't choose a key, that "punching" part is just about the button you have to press to get an encrypted connection instead of a normal one.

It says that a new key is chosen each time out of 10^38 (i.e. 2^128) possible ones; no word on how it defends against eavesdroppers. Sounds like it's actually only negligibly more secure than no encryption at all.

Re:Pentium what? (1)

-brazil- (111867) | more than 12 years ago | (#187662)

No, there was no more specific data; and since it would take much longer to decrypt real 128bit encryption, I suspect that quote was just made up on the spot by some marketroid to impress unknowledgeable people with some large numbers.

Re:cannon fodder? (2)

-brazil- (111867) | more than 12 years ago | (#187663)

Actually, if they use decent symmetrical 128-bit key cryptography, it would take all the pentiums in the world a couple of million years, if not more, to decrypt it.

Of course, the real question is: how are the keys generated and transferred. If it's just a fixed key stored somewhere in the phone, it won't be long before someone manages to get it out and be able to listen in to everything said on those phones quite easily.

GSM Encryption (1)

alexburke (119254) | more than 12 years ago | (#187665)

I'm a bit of a cellphone nut, and have already done quite a bit of reading on the subject.

The data streaming between the phones and towers of a GSM network is already encrypted with one of two algorithms, A5/1 and A5/2. A5/1, the "stronger" variant, is in use in virtually every GSM network currently operating.

Neither algorithm has been broken. However, the private key (Ki) stored in every subscriber's SIM (subscriber identity module) card (unique to each SIM card) has successfully been compromised by researchers for a university, I believe. This was reported in the news a while (18 months?) ago, but it can't be done over the air. As far as I know, you have to interface the SIM card with a PC and ask the SIM card to identify itself, using a slightly different salt each time. By doing this about 150,000 times (which takes about 8 hours), the private key can be computed.

If this stuff turns your crank, here are a few links to get you started:



--

cannon fodder? (1)

crashnbur (127738) | more than 12 years ago | (#187666)

Um, say I don't believe that this would actually take that many pentiums that amount of time to decode such a conversation. Where do I sign up to enlist my Pentiums' service, prove them wrong, and sue for false advertising?

Mobile networks need centralised design (2)

wolvie_ (135527) | more than 12 years ago | (#187667)

I thought of essentially this idea a while ago, but there is a significant problem: power. GSM and similar mobile networks are designed to minimize transmission from the phone to the base station. The only communication between phone and cell when not in a call or receiving a message is to log onto the network and to send a location update every 2 hours (the time period is variable and set by the network). Other than those times, the phone never sends anything.

Why? It is takes a lot more power to send a signal than listen for one. Most new mobile phones nowadays can sit idle on the network for 5 days, but only stay on a call for 2 hours. While the power difference isn't spent entirely on transmitting (you also have to sample the audio, compress the data, time your transmissions on the network, and so on), a significant part of it is. Mobile networks are specifically designed to minimize the requirement for the phone to transmit, but instead very infrequently announcing "yeah, I'm still alive" to the nearby base stations. Given the amount of data you need to retransmit on a P2P network (and with redundancy to multiple peers to keep the data flowing if one node goes down or moves out of range unexpectedly), phones on a P2P mobile phone network would spend nearly their entire battery life resending other people's data streams. And then you have the problem of requiring gateways (centralised points, thus somewhat defeating the point of a distributed network) to communicate with devices outside the P2P network, or in another P2P cluster (on another continent, for instance), and how you pay for access to those gateways. And how you geographically locate the most appropriate peers to resend data to (GPS on every phone with location broadcast to peers?), and how it scales under load, and so on...

It's a cool idea in theory, but unfortunately it wouldn't be feasible in practice (I'm all for building public-owned networks, but I'm not prepared to have only a few hours battery life on my phone to facilitate this). Which is a shame, as it'd be cool to not have to pay mobile phone rates to talk to someone a few blocks away, and not have to rely on telcos with insufficient infrastructure.

What do those numbers realy mean? (1)

Faux_Pseudo (141152) | more than 12 years ago | (#187668)

One of the technicians is quoted as saying that "A thousand pentium computers would need over 10 years to decrypt a 10 minute phone-call".

pentium computers in this case means what? 75mhz? 1.5ghz? by saying pentium they really aren't saying much.

And here is the Moors Law break down:

In 15 years one computer will be equal to 1000 computers now. So just-around-the-corner the above will quote will look something like this:

One of the technicians is quoted as saying that "A quantum computer would need over 1 second to decrypt a 10 minute phone-call".

Brute Force? (1)

gunner800 (142959) | more than 12 years ago | (#187669)

I don't parse mangled German well, so I may be totally off base, but...

I suspect the "10 year" figure is the estimate for going through all possible keys. This brute force method is an old standby for code-cracking because it works for almost everything, but many encryption algorithms allow more efficient attacks.

128 bits is a pretty large key to attack with brute force, but depending on algorithm they used (and the attacks it is vulnerable to) it may not be enough to stop serious efforts.


My mom is not a Karma whore!

Re:That's great for our German friends... (1)

Woefdram (143784) | more than 12 years ago | (#187670)

But will it ever come to the U.S.?

Sure, you're just not allowed to make international calls *grin*.

Re:Pentium what? (1)

Woefdram (143784) | more than 12 years ago | (#187671)

The Babelfish-English is a little strange indeed. This sentence could be translated into it would take a thousand pentium computers over 10 years to decode a 10-minutes phonecall BTW, but I guess you already got that :)

I don't think the engineer who was cited, made any calculations. My bet is that he simply said this to emphasize the fact that it would take a lot of brute force to eavesdrop on such a call. After all, most people who will buy these things at this price, are the ones with money and without any real knowledge. And those people aren't interested in MIPS or algorithms, they just want to hear that it's (almost) impossible to crack.

Re:Some more translation (1)

Woefdram (143784) | more than 12 years ago | (#187672)

I suspect the same coutries that have problems with people using PGP/GPG, such as France and Iraq. I don't mind about Iraq, but France is damn close to where I live :)

And of course, in the free West, being America, this will be verboten too (isn't it ironic that this word comes from the country that doesn't prohibit this?).

Re:Ok, I think some people here are missing the po (2)

peccary (161168) | more than 12 years ago | (#187675)

GSM only encrypts the air-link. This phone encrypts end-to-end.

Cool! (1)

DaRkJaGuaR (161464) | more than 12 years ago | (#187676)

Couple of questions, they GSM, CDMA? Can your use them in other countries? I find that the biggest problem with a mobile for security is that your exactly location can be triangulated. I personally use a modified Siemens S35 that allows me to connect to X number of towers which i can use to defeat that but DAMN this would KICK ASS. Particular in the wake of all the echelon articles....

Re:A better way to do this? (2)

WolfWithoutAClause (162946) | more than 12 years ago | (#187677)

P2P cell phones?

Yeah, probably can work. The downsides are that as people move around you can lose connectivity for moments or minutes (although cell phones have this problem anyway to some extent, but this would be worse). To counteract that it would probably be necessary to keep several connections up simultaneously; in the hopes that there is atleast one route to the far end. That will mean that the phone will take a lot more current and will either be heavier or will flatten its batteries much more quickly.

The other difficulty is routing in a highly dynamic link map- everyone is moving around all the time; links will be going up and down like mad things...

Re:128 bits encryption is strong (2)

IronChef (164482) | more than 12 years ago | (#187678)


The question really is this" how far ahead is Big Brother? If you read the history of the NSA (in a book like The Puzzle Palace) you will find out it is believed they are many years ahead of industry in these matters. (as if most people don't think that already.)

If I needed secure comms, I would get the best gear I could but ultimately I would be hoping that I was below Big Brother's radar. I'm not willing to bet my life on any of this crypto stuff. It takes more than gadgets... it takes good fieldcraft to communicate securely.

Not that I'm doing anything that needs crypto, but I suspect that will change when my local Illuminati cell finally recruits me. What are they waiting for??

10 years? That's IT? (2)

electricmonk (169355) | more than 12 years ago | (#187679)

"A thousand pentium computers would need over 10 years to decrypt a 10 minute phone-call".

Umm... I don't know about you people, but that seems really pathetic to me. Hell, Google has 4000 such machines, and they aren't even in the crypto business. And we all know that the only thing that has kept Cray in business in the last few years was the NSA. So, put two and two together. If you are important enough for the NSA to care about hearing your calls, all they need to do is to spend a little computer time on cracking it. This is assuming that there are no "shortcuts" in the protocol, weakness that can be exploited in less time than it would take to brute force it.

To give you a comparison to what REAL encryption, like PGP, would be able to withstand, my PGP e-mails would probably take more time to brute force using all today's computing power than the time that the universe has existed.

--

RTFA (1)

loraksus (171574) | more than 12 years ago | (#187680)

Handy encodes discussions on push of a button

Germany first Krypto Handy goes now into series production. Outwardly the encoding Handy resembles Siemens a S3ï, but the TopSec GSM device mentioned brings the measuring technique specialist Rohde and black on the market. Originally the development was advanced by the Siemens area information and Communication mobile, until Rohde and black at the beginning of of May took over the business segment hardware encoding of Siemens.

Because conventional portable radio connections did not guarantee a complete privacy, Siemens researchers already developed a procedure, which makes a secured connection with genuine end to the end encoding in the Handy on push of a button one year ago. The Clou: The TopSec GSM " simulates " a speech transmission; the Handy for encoded discussions actually opens a GSM usual data channel however instead of the voice channel. This permits it to transfer encoded contents unchanged and transparency between two compatible receiving stations.

For the setting up of a normal unencrypted connection one selects like used the call number of its interlocutor. If the telephone call is to be encoded however, then one presses an accordingly programmed soft key before the push button. The device switches then into the data mode; an additionally inserted, only stamp-large module codes and scrambles the exchanged data so thoroughly that even secret services cannot monitor, so the manufacturer. The safe connection can be however only structured, even if the interlocutor is attached a suitable Handy had or its ISDN telephone to a suitable encoding module.

The devices of the communication partners exchange a new 128-Bit-Schluessel with each connection establishment. Each mark is selected another of 10 38 codes the available by coincidence procedures. " thousand Pentium computers would have to count over ten years, around the wording of a zehnminuetigen Telefonates to decode ", schwaermt a technician of the new procedure.

Theoretically everyone may acquire the Handy, but the cost price of approximately 6000 Marks might limit the set of the buyers drastically. In some countries is besides the application of the encoding technique expressly forbidden. First user of the TopSec GSM is the German Minister of the Interior Otto Schily; he got a device from the pilot lot given ( Gerard Ducasse ) / ( dz / c't)

The slashdot 2 minute between postings limit:
Pissing off hyper caffeineated /.'ers since Spring 2001.

I don't know who uses them now, but a few yearsago (1)

loraksus (171574) | more than 12 years ago | (#187681)

Kevin Mitnik.
Though, as I recall, that went badly for him.

The slashdot 2 minute between postings limit:
Pissing off hyper caffeineated /.'ers since Spring 2001.

Re:Some thoughts (1)

loraksus (171574) | more than 12 years ago | (#187682)

If I were running the echelon network, I would flag encrypted stuff for immediate decoding. Lord knows they have the cpu cycles to do it. Shit, the pentagon sits on top of a LAKE of liquid Nitrogen.

In fact, I bet they have all conversations deciphered and "filtered" within one minute of the call is hung up.
I'd also have competing geeks in charge of seperate decryption centers - probably their decryption times are a point of pride within the "company" - sorta like Geordi LaForge tweaking the warp engines.

Ok.. I'm not sure about the following part, but it sounds kind of logical.

Coincidentally, once someone "cracks" the encryption (it is private/public key based) encryption on one mobile phone, it any further encryption rendered "useless" from that phone, or just for data coming into/ out of that phone?

hmm.. private keys are generated from a "random set of primes", if someone was to um.. "learn of" the code to make "random" numbers (because they are truly not random, but based upon some calculation that gives the appearance of "randomness" [is that a word?]), they could create private keys - or greately reduce the number of guesses in their attack on the encryption.

after all, if the sim card (whatever, the little id chip in the phones) is linked to the user of the phone through billing records, etc... I'm sure it has a serial number / date / time produced. If one had the random prime generator, they could considerably weaken this whole encryption scheme.

Of course, it would require the assistance of the Deutche Telecomm (or whoever).

The slashdot 2 minute between postings limit:
Pissing off hyper caffeineated /.'ers since Spring 2001.

Am I wrong? (1)

loraksus (171574) | more than 12 years ago | (#187683)

Ok.. I'm not sure about the following part, but it sounds kind of logical. I'm probably full of s**t, but if someone who is knowledgeable about cryptography could explain my errors in logic / whatever, I would greatly appreciate it.

Firstly, (basic question)
Once someone "cracks" the encryption (it is private/public key based) encryption on one mobile phone, it any further encryption rendered "broken" from that phone, or just for data coming into/ out of that phone?

Secondly, (kind of mind trippish)

From what I understand, private keys are generated from a "random set of primes", or a "super" long, prime, random number.

If someone was to um.. "learn of" the code to make "random" numbers (because they are truly not random, but based upon some calculation that gives the appearance of "randomness" )
and reproduce the conditions of the original generation of the private key - they could generate private keys - and greately reduce the number of guesses in their attack on the encryption.

After all, if the sim card (whatever, the little id chip in the phones) is linked to the user of the phone through billing records, etc... I'm sure it has a unique serial number / date / time / place produced burned into it.
If one had the code for the random prime generator, they could considerably weaken this whole encryption scheme.

Of course, such a project would require the assistance of the Deutche Telecomm (and/or whoever made the SIM cards/cell phones).

The slashdot 2 minute between postings limit:
Pissing off hyper caffeineated /.'ers since Spring 2001.

Re:Am I wrong? (1)

loraksus (171574) | more than 12 years ago | (#187684)

but what if the private key is generated once - at the factory - which I understand is the case, as it is a fairly intensive process to find long primes - my athlon 850 takes nearly a minute to make me a private key.

The slashdot 2 minute between postings limit:
Pissing off hyper caffeineated /.'ers since Spring 2001.

Some thoughts (2)

loraksus (171574) | more than 12 years ago | (#187685)

I'm pretty sure echelon has this covered, either through straight decoding, a government "key" or whatever.

Also - you can be sure that encrypted calls will be decrypted by some government - after all -- their mindset is "if you have nothing to hide...". Especially in this situation, where the phones are not encrypted all the time (the user has to activly turn on security).

If you are attracting so much attention to yourself - I suppose use for this will be more for commercial purposes than planning terrorism.

hmm.. how much bandwidth does the call use? POTS is made to run with 4000hz of bandwidth, with the maximum data rate of about 56k (something about the maximum number of discrete signals possible within a certain block of bandwidth. Are calls going to sound good when they hit a land line?

If the cell phones do hit a land line somewhere, I'm sure that the call must "fit" into a "standard" voice grade telephone circuit. which is slightly different in europe, but the bandwidth alloted for each connection is very close (don't have my euro telecomm handbook with me now, sorry)

On a side note, the US Navy Seal teams use 256bit encryption, burst transmission technology in their headsets. That is some nice stuff - supposedly clear as a bell too. So nanana-boo-boo.

Hmm.. the canadian rcmp in BC use encrypted radio sometime too, its not phone, but kind of annoying not being able to hear the swat deployments like you used to be able too.

The slashdot 2 minute between postings limit:
Pissing off hyper caffeineated /.'ers since Spring 2001.

Re:They finally did it.... (2)

SnapShot (171582) | more than 12 years ago | (#187686)

I think what's really giving the NSA, CIA, FBI, Mossad, M5, M6, etc. the shits is the disposable cell phone with X pre-paid minutes bought with $20 dollar bill.

If you're important (or notorious from the alphabet-agencies point-of-view) enough to need encryption, you're going to be better off with a simple anonymous phone (the same anonymous phone that every mom gives to her child before sending them off to school.)

OTOH, my understanding is that the disposable phones will be "send only", so the receipiant may still be vulnerable to bugs, etc... I guess will have to wait and see what comes out of the product pipeline over the next couple of years.

Re:They finally did it.... (2)

Anal Surprise (178723) | more than 12 years ago | (#187687)

Oh, please. This is still a toy, because you only have encryption between the phone and the cellular provider. The NSA, if they want, can still try to intercept the signal once it gets to your phone company, or the FBI can get a court order (or not) and silently tap your sad ass, just as easily.

The NSA will break into cold sweats when there's backdoor-less phone-to-phone encryption with arbitrary and generally large keys using well-known and trusted cryptosystems. I don't think it's going to happen for a while.

Pentium what? (1)

Karl_Hungus (180893) | more than 12 years ago | (#187688)

The German: Tausend Pentium-Computer müssten über zehn Jahre rechnen, um den Wortlaut eines zehnminütigen Telefonates zu entschlüsseln

The babelfish English: Thousand Pentium computers would have to count over ten years, around the wording of a zehnminuetigen Telefonates to decode


Exactly what kind of pentium do they mean? A P-90 or a P4 1.7GHz? I think an 'around-the-clock' idiom got lost, but I still could use something more specific. I didn't Babel the entire page, just that selection. If I missed something, please fill me in.

Re:Isolationist Conservatives Despair (1)

Karl_Hungus (180893) | more than 12 years ago | (#187689)

Guess this means that all U.S. efforts to block encryption technology from leaving the country has failed. Surprise. Now that they have it in cell phones will U.Sam allow us to freely exchange web browsers?

That depends on whether they adopted an algorithm first conceived in the U.S. or whether they came up with one of their own. And to answer the question, no they won't. Anything that makes it harder to kep tabs on Americans is generally opposed by the feebs. And, if it's foreign software, the spectre of trojans can always be invoked, regardless of the facts or the availability of the source code. They know most users, even savvy ones, won't do a code review before plopping something on their system with no more guarantee than a 'word-of-mouth' recommendation. Just tell them it can't be trusted and it's verboten.

Re:Some thoughts (1)

Karl_Hungus (180893) | more than 12 years ago | (#187690)

I'm pretty sure echelon has this covered, either through straight decoding, a government "key" or whatever.

Well, what I've read about Echelon says they're key-word driven. If they automatically flag all encrypted communications, they can break them at their leisure, but then turnaround becomes a problem. Once you break it, you still have to index it. By the time you get that done, there might already be a big hole in the WTC. Useful for prosecution, if not prevention.
As to a backdoor, who knows? Europeans are very sensitive about this just now (and rightly so,) and they might embrace a non UK/USA(et. al.) solution even if they aren't German. I guess it comes down to the US' ability to compromise the design of whatever chip it is that does the heavy lifting.

In other words.... (2)

abdulwahid (214915) | more than 12 years ago | (#187692)

"A thousand pentium computers would need over 10 years to decrypt a 10 minute phone-call".

In other words this encryption in nothing for the hugh computing powers of the likes of echelon!

Nice features, but... (2)

ackthpt (218170) | more than 12 years ago | (#187693)

That enigma machine you have to plug into them is kinda bulky...

--
All your .sig are belong to us!

Re:They finally did it.... (1)

Arthur Dent 75 (221061) | more than 12 years ago | (#187694)

Oh, please. This is still a toy, because you only have encryption between the phone and the cellular provider. The NSA, if they want, can still try to intercept the signal once it gets to your phone company, or the FBI can get a court order (or not) and silently tap your sad ass, just as easily.

I assume that you have not read the article (ok it's in German, so no blame on you). It is made quite clear that the encrypted connection is made on a data channel (9.6 kbit/s) between the two phones. The provider does only see the encrypted stream.

However it must be researched how the key exchange is done. I assume it's some sort of Diffie-Hellmann-Algorithm which might (under certain circumstances) be broken with a Man-In-The-Middle attack. Question is, how do they do the authentication. There's no information about this important feature available now.


--

They Obviously Don't Watch X-Files (3)

karma kameleon (222035) | more than 12 years ago | (#187695)

Smoking Man has a secret briefcase with a button and a knob marked 'Decrypt', which renders this technology and it's kin useless.

Re:Eggs in a hailstorm (2)

danox (232017) | more than 12 years ago | (#187696)

Well, not being a US citizen, I must say that I am damn glad that this tech did not originate in the US. That gives the rest of the world a chance to get a hold of it one day.

The US are such bastards when it comes to crypto that any crypto tech that is being developed there is likely to stay there, or only leave in a watered-down version.

I say hooray that non US companies are developing crypto, and keeping the US governments hands off the tech.


--

Why not software encryption in every mobile ? (1)

tempmpi (233132) | more than 12 years ago | (#187697)

I wonder why this couldn't be done in software in every mobile phone ? Every new mobile has a nice and speedy cpu in it, that should be able to encrypt the 2400 bytes of traffic a GSM mobilephone sends and receives on the fly. There are nice encryption algorithms like TEA that should be able to do this even with the limted processing power of a mobilephone. A $2700 mobile with encryption will not be a big problem for the secret services because almost noone will buy one, but a little firmware update that makes your old mobile to an mobile with powerfull and save encryption could be a problem.
Firmware hackers where are you ?

Cell phones and anonymity (2)

corvi42 (235814) | more than 12 years ago | (#187699)

Wow, cool. Yet another step towards _anonymous_ portable communication. Cell phones are already more dificult for police & other agencies to tap, because it requires identifying the numbers the phones use to identify themselves to the cell companies. No problem if your surveillance team does it the legal way and gets a court order that the cell provider must cooperate with.

In addition to this, here in europe, pay-as-you-go type cell plans are very very popular - you can walk into any radio-shack equivalent store and for the equivalent of $28 ( USD ) you can buy a package over the counter that gives you a number on your choice of the local services. Basically its just a smart-card chip you pop into your phone. No sign-up is required. You don't give your name or any details to anybody about who you are - just hand over the cash and get yourself a number. You have a limited amount of money on the card, and you can 'recharge' it buy buying a card with a code number from any convenience store that you punch into the phone to get more talk-time. Want a new number? Just buy a new smart-chip. There is nothing to prevent you from having a dozen of these.

These are full-service plans too, complete with voice-mail, and all the cool services. They also have roaming so that if you have a tri-band phone you can use this pretty much anywhere in the world ( price per minute goes up a lot of course ). But clever use of this system could mean totally anonymous world-wide phone service.

Now if you can combine this with medium-level encryption ( lets face it, 128-bit is not high these days, and a good cryptanalyst can certainly break this much easier than the claim of a thousand pentiums for a thousand years), we're really starting to see good secure private personal communications become and industry standard. I like it.

No Kidding. (1)

irc(addict) (239487) | more than 12 years ago | (#187700)

Pentium Computers? 10 years on a "Pentium Computer"?
What, a Pentium 133Mhz? Im sure that'll be really helpful.
:-)

Oh, joy! Not. (1)

irc(addict) (239487) | more than 12 years ago | (#187701)

What we have here is a mobile phone which only encrypts to the communications partner. Not to the person you call, the that can still be tapped.
And, if you think this will protect you from goverment services, think again. Most large goverments (hint: America) could break that very easily (hint: Super Computer (Cray?)).
And dont get me started on the price!

Re:This is not as impressive as it sounds: (1)

n xnezn juber (243178) | more than 12 years ago | (#187703)

Indeed specialized hardware takes alot of the fun (fun as in watching paint dry) out of brute-forcing a crypto scheme but there are limits to how effective it can be with longer keys. And of course a 128 bit key doesn't mean much without knowing the encryption algorithm and implementation which may have it's own flaws that make an attack relatively trivial.

For example, why find an MD5 collision (128 bits) if all you need is to crack 40-bit RC4!

Re:Am I wrong? (1)

n xnezn juber (243178) | more than 12 years ago | (#187704)

On any hardware device, especially one with analog circuits (like a cell phone) there can be plenty of sources of randomness: background static in the microphone, fluctuations of the RF signal. It should be quite easy to seed a random number generator from these sources. Even if the random number generator is known, it is not always possible to even remotely guess at what the next numbers will be without knowing the seed and internal state.

As for the first question, most likely the key is used for a single session (phone call) and regenerated at each subsequent call. It is also definitely possible that the key may be regenerated during the phone call so every 10 seconds (for example) it may re-handshake with a new key thereby requiring an attacker to again crack the new encryption key.

Eggs in a hailstorm (2)

Bonker (243350) | more than 12 years ago | (#187706)

First, I'm dissapointed that this technology didn't originate in the United States. It's a sad thing, proof of the fact that government controls on crypto have inhibited U.S. companies from developing strong, easy crypto solutions.

'Push of a button'. Gawd, I'd love to see that same button installed by default on M.S. Outlook, or Netscape Mail without a complex PGP install beforehand.

This said, however, I would like to praise those who continue to break down the walls of encryption FUD that the United States government law enforcement has pushed onto the American peopole, even if they work from outside. The American government strongly opposes encryption of all kinds in the hands of Americans or non-Americans because of the possibility that it will be used by terrorists and criminals. This *proves* to both USians and the rest of the world that this is not the case. There is a valid market for crypto.

Like an overprotective mother hen, the FBI, DOJ, and NSA have been working to keep americans safe inside of a non-crypto egg. We can't break out, as long as they have so many claws in both the legal process and communications industries. Usually eggs are good at keeping outside influcences out, but I strongly beleive that efforts like this from Germany (and the rest of the world) will be the beginning of a crypto hailstorm the likes of which will at once confound and terrify the ill-prepared USLE agencies and liberate Americans from the oppression created by a simple lack of privacy.

Now let's support these guys and let them know how much we want these phones in the U.S.. At about $2.6k, they'll cost as much as a top of the line workstation, but as the userbase grows, you can bet the price will shrink.


Re:sure sure.. (1)

sporktoast (246027) | more than 12 years ago | (#187707)


Is it just me, or did this headline make anyone else think of some kind of gadget-festooned vehicle for a teutonic superhero?
Ach! Blackhats are attacking the servers in Central City!

Schnell! to the Crypto Mobile!


They finally did it.... (1)

RavStar (252707) | more than 12 years ago | (#187708)

This is the tech that gave the NSA cold sweats. AT&T was going to make a cheep encrypted phone like this, it freaked out the general intelligence groups. They tried to make encryption unlawful, but it didn't work (as we all know). I would mind getting one of these just to spark hits on the computer they must have setup to find these types of calls when they are placed....

Shameless Plug for my website:
Wireless Lan Systems!
Network over a 25 mile radius!
MicroCellular Systems!
www.techsplanet.com/wlan [techsplanet.com]

Hey, at least I didn't use the BLINK tag!

Re:They finally did it.... (1)

RavStar (252707) | more than 12 years ago | (#187709)

sorry, I sell wLAN systems with average tickets over 5k all day, I start thinking 3k as cheep...


:)

Propriatary Encryption vs. PGP (1)

jstockdale (258118) | more than 12 years ago | (#187710)

An encrypted cell phone is all good and well but it will be hard to know the true value of the phone until the algorithm has been throughly examined. Personally I would much rather have a phone based on a widely known and exceptedly secure encryption system such as pgp. Also, if such a system were implemented, cross product support would be possible, as well as connection to other devices such as computers. Think: pgp ncryptd txt msgs dl-able 2 u r comp

Re:G3 DIY implementation? (1)

EllisDees (268037) | more than 12 years ago | (#187711)

You know, something just lik this occurred to me about a month ago when there was the announcement about the java-enabled cell phones. Anyone have any idea if something like that would be possible?

Re:Some thoughts (1)

EllisDees (268037) | more than 12 years ago | (#187712)

One would think that a $3,000 encrypted phone would be using a real source of randomness like the microphone or a heat sink. Who can say for sure, though?

Re:cannon fodder? (1)

MulluskO (305219) | more than 12 years ago | (#187715)

The article mentioned something about punching in a key and switching into data mode. It's hard to read translated text, but I think they mean the keys for the encryption. Any thoughts from anyone that actually speaks German? Or has better reading comprehension?

Isolationist Conservatives Despair (2)

MulluskO (305219) | more than 12 years ago | (#187716)

Guess this means that all U.S. efforts to block encryption technology from leaving the country has failed. Surprise. Now that they have it in cell phones will U.Sam allow us to freely exchange web browsers?

Nothing is 100% secure (1)

Savage-Rabbit (308260) | more than 12 years ago | (#187717)

Is there any really secure form of communication? Even encryption software can be modified to have a back door. And even if there is no back door, of what use is encryption if somebody hacked your M$ Winsh*t PC and installed a keyboard sniffer that records what you write in your emails and secure files before it gets encrypted? If you want your operations to be secure do not communicate at all do everything yourself.

Even if it is still possible to bug my conversations with a directional mike in a black van at least it is alot harder for them to bug me. A van skulking around behind me in traffic with a big mike is alot hard to miss. Also I can sweep/check the phone for cockroackes installed on the production line myself.

The point is this thing will make life harder for the NSA/KGB/Chinese Intelligence sevice/Microsoft/Vice squad/the neughbourhood pervert or anyone else who gets off on bugging my conversations. Seatbelts are not a 100% guarantee that I will no get hurt in a car crash so should I regard them as useless and not use them? I use them anyway because they may not be 100% perfect but they do reduce the risk of damage. The same goes for this gizmo it may not be foolproof, but if I had a need to conduct secure conversations It would at the very least give me a small kick to know that the life and work of evesdropping pervets just go a whole lot harder.

Ok, I think some people here are missing the point (2)

Sycraft-fu (314770) | more than 12 years ago | (#187719)

I'm seeing all this talk about how a specially designed computer can smash DES or how governments can break it, etc. That's not the point. The point is to keep the cell phone equivalant of packet kiddies (the ones in the dorms that love to snoop your passowrds) from listening in on your call. An ecnryption method like this is hard enough they are highly unlikely to have the resources necessary to break it.

This might sound silly to some, but things like this are a real problem. At least once every couple of years someone at U of A gets busted for using a scanner to evesdrop in on cordless phone calls. Now of course this is easily defeated by using a spread spectrum phone (DSS), however I'm sure that won't last. Sooner or later, we'll start to see scanners around that can listen in on those too (or for that matter they may be floating around and I just haven't heard about them). Same thing applies to cellphones. The technology will come out to listen in on them too. Well this adds another layer of significant difficulty. You really have to have a good reason to spend the time, effort and resources to crack an encrypted call like that.

As of right now, I don't think there is a need for these en masse, and the price certianly reflects that. However, I'm sure in the comming years there will be.

Re:Ok, I think some people here are missing the po (2)

Sycraft-fu (314770) | more than 12 years ago | (#187720)

And in this case, it's far more than that. The problem with the kind of scrambling now is that it's REALLY EASY (in a computational sense) to break. Granted, you still need a spiffy scanner/decryptor, but that's all. Now if you add some DES encryption, well that's going to push it up into the top .01% or so. In addition to everything else, now the packet kiddie will have to get some serious CPU power, which they aren't likely to have (otherwise, they wouldn't be a packet kiddie) and can't afford.

It's kinda like SSHing instead of telnet. I don't do it to keep the government, etc from looking in. If they want to see what I'm doing they can just get a warrant to search my computer. I do it to keep all the l33t hax0rs from looking in on my datastream. Of course I use a good, strong, encryption scheme (blowfish usually) since it's available, but I'd settle for plan ole' DES is I had to. That would mean that the only people capable of looking in on my stream wouldn't be able to.

Also another important factor of getting this going is working out all the general kinks. Perhaps later as small processors get cheaper and faster and as crypto laws loosen up we'll see better encryption implemented in phones. You have to start somewhere.

Re:Cool! You just made it easier for them.. (1)

gd23ka (324741) | more than 12 years ago | (#187721)

So you use more than the usual maximum of 6 base station. Great! You just made it easier to get an triangulation fix on you. What you would want to do is to only use 1 base station and live with the reduced reliability. That way they can still tell you're in the vicinity of base station X but that's just about it. They'd either have to get base station firmware that keeps track of GSM mobiles it isn't actively communicating with or hit the street with portable GSM sniffers. My .02 are that I wouldn't trust the crypto in that device. A very hard to detect intentional flaw to put into an encryption device like that would be to make the random number generator predictable. What's more.. every GSM phone has an unique serial number (IMEI International Mobile Equipment Identification) that is registered somewhere and even encodes the type of device and manufacturer. Since not everyone has them because they're selling these devices at prohibitively high price, if you paid that kind of money for your mobile they would suspect you're up to no good and monitor all your communications, not only the ones from the mobile, more closely.

Re:too weak, far too weak (1)

Mantis69 (446522) | more than 12 years ago | (#187722)

Fortunately this is not true. With a good symmetrical encryption system 128 bits is secure enough to be virtually unbreakable, or if not completely unbreakable certainly not worth the time and effort to do so. For more information about the type of cryptosystem on this phone read the following:

http://www.ssh.fi/tech/crypto/algorithms.html

The section secret key cryptosystems lists the most commonly used systems (DES probably being the best known) that could be used on this phone.

much better+cheaper options are around (2)

m08593 (455349) | more than 12 years ago | (#187723)

DM6000 is what, $2500? I wouldn't be surprised if the primary purpose of this phone isn't simply to flush out people who have what some people might consider, rightly or wrongly, a "suspicious concern for privacy". It will definitely flush out people who have too much money and aren't very smart.

Hardware encryption itself is also both flawed and unnecessary. With hardware, you can't tell what bugs or backdoors may be in there, and if you discover anything, you can't fix it.

There are options that are cheaper, more secure, and more standard around. Current laptops can do real time speech compression and encryption just fine, with software that uses known strong algorithms and is demonstrably without backdoors. You can plug in any of the wireless PCMCIA cards in there and have secure phone conversations over the Internet, not just another ccompatible ell phone user. If you need something smaller, a WinCE or LinuxCE handheld with a cellular phone/modem CF card will probably be a realistic option pretty soon.

Siemens In Bed With the CIA (1)

Malkave (456320) | more than 12 years ago | (#187724)

I'd be considerably more enthusiastic about this if Siemens hadn't been in bed with the CIA for decades. If anyone here recalls when some swiss crypto company's salesman was arrested in Iran because their product had a backdoor, with their diplomatic communications being funneled to Langley. One of the main points was that the CIA, working through Siemens had planted its own algorithm in the chips at some stage. Don't recall the exact date, but I imagine a trip to google would solve it. It's also on Stratfor.com for those with access.

Re:cannon fodder? (1)

Maresi (456339) | more than 12 years ago | (#187725)

It says that a new key is chosen each time out of 10^38 (i.e. 2^128) possible ones; no word on how it defends against eavesdroppers.

The Phone simulates a normal phone call, but the encrypted data is sent via the data channel. The real "punching" part is IMHO the key exchange when a new connection is established.

Sounds like it's actually only negligibly more secure than no encryption at all

If the key exchange is solved secure enough you have only two ways to eavesdrop the call: A quantum computer or a good mike near the caller (ok, a third one: a bug in the phone.)

Maresi

--

Re:Encryption or frequency hopping? (1)

Maresi (456339) | more than 12 years ago | (#187726)

No. Its real encryption, not frequency hopping.
To cite: "...briefmarkengroßes Modul codiert und verwürfelt die ausgetauschten Daten so gründlich, dass selbst Geheimdienste nicht mithören können"
Translation:"... stamp-sized module encrypts and shuffles the exchanged data so thoroughly thateven secret services cannot eavsdrop"

Best regards
Maresi

--

Who cares (1)

nicello (456347) | more than 12 years ago | (#187727)

Who cares if the governments of the world can listen to your conversations? The CIA, NSA, etc. does not have time to listen to my calls or anyone else on this site. Even if they did I would rather let them hear me and stop just one terrorist act. The fact is privacy is still very abundant and at the same time highly overrated.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...