>> How is traffic analysis of the Cryptophone users blocked?
>
> It's not. Secure phones aren't designed to do that.

One of the strong points there is that, since pretty much the only
architecture which *can* thwart traffic analysis is some sort of
collaborative mixnet (Mixmaster, Tor, whatever onion-stuff), you can't
get a proper guarantee of traffic analysis resistance without
collaboration. Of course you could always design your stuff such that it
can also function point-to-point in addition to utilizing a mixnet when
that sort of thing is available. But then, your average user would
probably not understand the difference. The result? The occasional
availability of traffic analysis resistance would lull the user into a
communication pattern, which could betray hir when the collaborative
infrastructure wasn't available.
(With phones this is doubly as perilous today, because GSM and landlines
do not support mixnets out of the box, whereas with enough diligence,
you probably could route your VoIP over Tor.)

> Obviously, encrypted communications users should practice methods to
> obfuscate intelligence that could be gained by eavesdroppers using
> traffic analysis, if that concerns them.

Whence, steganography. I'm amazed at how little heavy-duty attention
that field gets nowadays, apart from digital watermarking efforts. It
seems that just about every online reference is still talking about
hiding stuff in the low order bits of images. Not about even the most
conventional, solid, statistical or information/control/decision
theoretic formulation.

> Even if a Cryptophone's communications is recorded, a new random
> encryption key is used for each call and discarded when it ends
> (one-time pad.)

That is likely to be not true. Otherwise every single bit of surprisal
sent out by phone would have to be encrypted with a singly used, random,
secret bit shared by both. What you likely really mean is that you
negotiate a randomly derived session key, used for symmetric encryption.
Then we have to hope that the randomness is strong, the key negotiation
secure, and the symmetric cipher strong enough. Plus of course that
you've minded things like perfect forward security and other protocol
aspects.

> One would wonder that until they got to know them ;-) Cryptophone's
> people have long possessed a strong "hacker ethic" and
> anti-authoritarian principles.

Heh. I actually just recognized John's name and address. I believe I
used to participate on the cypherpunks list along with him, over its
eventual decline. With John being one of the old beards around, and
myself one of the young, slowly learning, and
far-too-cocky-for-my-own-good amateurs. So for what it's worth coming
from me, I at least think it's safe to say he's been through the
cryptobattles, and Knows His Stuff where it comes to crypto. Most
especially he Knows People Who Know Even Better. And not least the
attitude -- just look at cryptome.org and weep. :)

> COMSEC is their passion.

Without even looking at the stuff, let me throw in the air a
TSCM-relevant aspect of crypto most people haven't seriously thought
about, with my guess being that they haven't either: code timing
attacks. In real time communication those are particularly insidious,
because they can be evoked with very little interfering energy, and are
prone to leading to retransmissions which involve the cryptographic
circuitry/code.

> Would you trust a COMSEC vendor whose primary source of income is from
> government agencies?

That's a two-pronged thing. On the one hand, they have much to gain by
planting a back door. On the other, they're also securing stuff that is
much more damaging if divulged than your average coder would.

> History proves that's a bad bet if one is concerned about government
> eavesdropping.

Does it? Take DES. It was one solid cipher for its time. Even protected
against differential cryptanalysis before the technique was ever widely
known. Truly Government Grade.

> Cryptophone doesn't claim to offer "absolutely" secure solutions; they
> uniquely claim theirs are the most *verifiably* secure solutions
> available to the general public.

Openness and independence help. But again, that's nothing new. Everybody
in the crypto community thinks that.
--
Sampo Syreeni, aka decoy - de..._at_iki.fi, http://decoy.iki.fi/front
+358-50-5756111, 025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2
Received on Sat Mar 02 2024 - 00:57:25 CST
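
An added example for the one-time-pad point in the message above (not code from the poster or from Cryptophone, whose actual protocol is not shown on this page): a per-call session key negotiated from fresh ephemeral secrets, next to the amount of shared key a true one-time pad would need. The unauthenticated X25519 exchange, the HMAC-SHA256 key derivation, and the 10-minute, 4800 bit/s call are assumptions chosen for illustration.

```python
import hashlib, hmac, secrets

P = 2**255 - 19                     # field prime of Curve25519
BASE = (9).to_bytes(32, "little")   # standard base point u = 9

def x25519(k: bytes, u: bytes) -> bytes:
    """X25519 scalar multiplication (RFC 7748 Montgomery ladder).
    Illustration only: Python big integers and the branch below are NOT
    constant-time, which is the timing-leak concern raised in the message."""
    kn = (int.from_bytes(k, "little") & ((1 << 254) - 8)) | (1 << 254)  # clamp
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (kn >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = (x2 + z2) % P, (x2 - z2) % P, (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def negotiate_call_key():
    """Each end draws a fresh secret for this call only, swaps public values,
    and hashes the shared secret into a 256-bit symmetric session key."""
    a, b = secrets.token_bytes(32), secrets.token_bytes(32)
    pub_a, pub_b = x25519(a, BASE), x25519(b, BASE)
    transcript = pub_a + pub_b      # binds the key to this exchange
    key_a = hmac.new(transcript, x25519(a, pub_b), hashlib.sha256).digest()
    key_b = hmac.new(transcript, x25519(b, pub_a), hashlib.sha256).digest()
    return key_a, key_b   # a and b go out of scope: nothing long-term is kept

def pad_bytes_needed(seconds: int, bits_per_second: int) -> int:
    """A true one-time pad needs one shared secret bit per transmitted bit."""
    return seconds * bits_per_second // 8

if __name__ == "__main__":
    k1, _ = negotiate_call_key()
    k2, _ = negotiate_call_key()
    # Assumed figures: a 10-minute call over a 4800 bit/s voice codec.
    print("session key bytes per call:", len(k1), "| differs per call:", k1 != k2)
    print("one-time pad bytes per direction:", pad_bytes_needed(600, 4800))
```

The 32-byte key is stretched by a symmetric cipher over the whole call, so its secrecy rests on the randomness, the negotiation and the cipher, whereas the pad would need pre-shared secret material as long as the call itself.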