Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Cellcrypt?

Fabio Pietrosanti (naif) lists at
Wed Feb 8 08:35:09 PST 2012

I work since 2006 as a CTO for a company competitor of Cellcrypt

It's a proprietary encryption technology, not subject to auditing to
anyone other than government customers.

It follow a "legacy" technological approach to cryptography by
leveraging secrecy, that's something in the culture of military
encryption technologies.

There are existing IETF standard protocols to satisfy almost any VoIP
encryption needs and a wide range of software (opensource/commercial,
desktop/mobile) that let you do encrypted phone calls on different
security model (end-to-end vs. end-to-site).

You can read an overview of most voice encryption related security
protocols (proprietary and non-proprietary) with a bit of history on

I consider Snake-Oil [1] any approach that doesn't use:
- open standards
- open code (at least for encryption)

As my personal effort for transparency i managed the release of
implementation of cryptographic modules on .

Additionally you should pay attention to protect the SIGNALING, as the
phone-call-logs analysis could provide a worst impact on user privacy
than the content of a conversation.
Almost any interception goes before with an analysis of the
phone-call-logs (CDR) in order to detect targets in a communication
social network.
SIP/TLS (SIP over TLS) provide that kind of protection.
If you use a DHE capable SIP client, you can achieve also Perfect
Forward Secrecy protection for signaling (as long as you don't keep log
on server).



On 2/8/12 5:10 PM, Cyrus Farivar wrote:
> Anyone done or seen any audits on Cellcrypt?  
> Best,
> -C 

More information about the liberationtech mailing list