Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Cellcrypt?

Fabio Pietrosanti (naif) lists at infosecurity.ch
Wed Feb 8 08:35:09 PST 2012


<DISCLAIMER>
I work since 2006 as a CTO for a company competitor of Cellcrypt
</DISCLAIMER>

It's a proprietary encryption technology, not subject to auditing to
anyone other than government customers.

It follow a "legacy" technological approach to cryptography by
leveraging secrecy, that's something in the culture of military
encryption technologies.

There are existing IETF standard protocols to satisfy almost any VoIP
encryption needs and a wide range of software (opensource/commercial,
desktop/mobile) that let you do encrypted phone calls on different
security model (end-to-end vs. end-to-site).

You can read an overview of most voice encryption related security
protocols (proprietary and non-proprietary) with a bit of history on
http://www.slideshare.net/fpietrosanti/voice-securityprotocol-review

I consider Snake-Oil [1] any approach that doesn't use:
- open standards
- open code (at least for encryption)

As my personal effort for transparency i managed the release of
implementation of cryptographic modules on http://zrtp.org .

Additionally you should pay attention to protect the SIGNALING, as the
phone-call-logs analysis could provide a worst impact on user privacy
than the content of a conversation.
Almost any interception goes before with an analysis of the
phone-call-logs (CDR) in order to detect targets in a communication
social network.
SIP/TLS (SIP over TLS) provide that kind of protection.
If you use a DHE capable SIP client, you can achieve also Perfect
Forward Secrecy protection for signaling (as long as you don't keep log
on server).

-naif

[1]
http://infosecurity.ch/20100719/snake-oil-security-claims-on-crypto-security-product/


On 2/8/12 5:10 PM, Cyrus Farivar wrote:
> Anyone done or seen any audits on Cellcrypt?  
> 
> http://www.cellcrypt.com/cellcrypt-mobile
> 
> Best,
> 
> -C 
> 




More information about the liberationtech mailing list