Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Cellcrypt?

Fabio Pietrosanti (naif) lists at infosecurity.ch
Thu Feb 9 02:33:37 PST 2012


On 2/8/12 8:24 PM, Marc wrote:
> Have you ever heard of  SRTP http://srtp.sourceforge.net/srtp.html
> 
> and are there any security auditions or reviews about it ?

SRTP is the way to symmetrically encipher RTP flow (that can carry audio
or video inside).

SRTP need to be feed with a key, and different key exchange exists:
- SDES (end-to-site key exchange within SIP/TLS enciphered channel)
- ZRTP (end-to-end encryption with Short Authentication String human
verification)
- MIKEY (use x509v3 digital certificate)

So, ZRTP use SRTP in the AES-CTR 256bit mode while SDES use SRTP in the
AES-CTR 128bit mode.

The way you do the SRTP key exchange directly influence the "security
model" and the "thread model" that you would like to manage.

Example graphics on how different key exchange works:
- SDES http://www.privatewave.com/media/0/72847454125568/schema_2.jpg
- ZRTP http://www.privatewave.com/media/0/64694073876826/schema_1.jpg

The SRTP implementation you cited is the universally used one in almost
any commercial and opensource tool that need to do encryption of RTP flow.

-naif



More information about the liberationtech mailing list