Cellphone encryption

Discussion in 'privacy technology' started by n33m3rz, Mar 24, 2009.

Thread Status:
Not open for further replies.
  1. n33m3rz

    n33m3rz Registered Member

    Joined:
    Jan 10, 2009
    Posts:
    114
    All the cell phone encryption software I can find costs like $1,000 per license. Why does there seem to be no open source cell phone encryption? Anyone know of anything I am not seeing?
     
  2. mjau

    mjau Registered Member

    Joined:
    Jan 11, 2009
    Posts:
    30
    I wonder this myself.

    I found encrypting sms there are 2 free software for that, cryptosms.com and cryptosms.org both free and works great.

    I have also had the chance to try out SecureGSM this can be found as a cracked version on the net, but i belive a cracked version is a compremissed version.

    I mean it wouldent take to much effort for someone to code a voie encryption software, just make the voice travel over data channel and send it as encrypted packages. And dont charge more then 20 dollers and you have a market :)

    SecureGSM gives a echo but that i can live with.
     
  3. Justin Troutman

    Justin Troutman Cryptography Expert

    Joined:
    Dec 23, 2007
    Posts:
    226
    Location:
    North Carolina, USA / Minas Gerais, BR
    CryptoSMS.org seems to use elliptic curve cryptography, but I'm no familiar enough with it to comment. CryptoSMS.com, however, displays bad decision making all around; they're victims of the mentality that we should stack multiple primitives on top of each other. This is overhyping a problem that is sufficiently and conservatively solved with the use of a single primitive (i.e., the AES). Furthermore, while they do mention the use of a MAC, they don't describe it; this bothers me, as integrity is much more of a concern. It's not hard to imagine instances where being able to manipulate a message is worse than being able to read it. Based on their overall approach, I'm not confident in their MAC.

    As for GSM security in general, you could say it has been a failure, cryptographically (e.g., Comp128, A5, et cetera); then again, it has given cryptographers the chance to write a lot of research papers, so perhaps it has been a success in that regard. In Security Engineering, Ross Anderson mentions the citing of GSM security as an object lesson of Kerckhoffs' Principle, in that security should rest in the choice of the key – not in the obscurity of the mechanism. There are all sorts of reasons it could be seen as a success to phone companies, but that's talk for another rainy day. Security-wise, 3GPP is looking much better. We'll see.
     
Loading...
Thread Status:
Not open for further replies.