Vulnerability Development mailing list archives
Re: Q: Voice over IP security - anyone?
From: Guilherme Mesquita <guy () linuxbr com br>
Date: Sun, 8 Oct 2000 15:12:02 BRST
Well, isnt this a paranoid circunstance? Decrypting a few megabytes into a backbone is REALLY, but REALLY hard... Well I would say impossible "selecting" packets in a huge bandwidth and logging everything to files, since the decryption could not be perfect and the chat could be caught after the "handshake" between the hosts, etc... Well if you are talking about testing, ok its unsafe but about real application of the cracking stuff... well That's another topic which should be discussed by people which has access to high bandwidth backbones, data analyzing software and high performance (clustered?) decryption system. Guilherme On Sun, 8 Oct 2000, Lincoln Yeoh wrote:
Date: Sun, 8 Oct 2000 15:13:30 +0800 To: VULN-DEV () SECURITYFOCUS COM From: Lincoln Yeoh <lyeoh () POP JARING MY> Reply-To: Lincoln Yeoh <lyeoh () POP JARING MY> Subject: Re: Q: Voice over IP security - anyone? At 10:46 AM 10/6/00 +0200, Bluefish (P.Magnusson) wrote:Personly, I believe they are totally clueless. Take the weak GSM enctryption, why is it so weak? There is no point, really, as for theFor GSM it was not cluelessness. It was public knowledge about a decade ago why it was weak, I believe it came up in the major UK newspapers. The encryption was intentionally weakened by request of the spy agencies (GCHQ etc). There was a bit of a noise about it, then it died down. Because of that I was very puzzled why there was such a big fuss about some people cracking the crypto a couple of years ago. I mean, it's intentionally weak, so why were people so surprised it was cracked? Also don't know why some crypto people appeared to be surprised the crypto was weak. Anyway, you don't even need to crack GSM crypto to listen in. The conversation is only encrypted from the phone to the tower (or was it the exchange? anyway), from then on it's "clear text". So if the police did things the "redtape" way they can listen in without having to crack anything. I suppose it's too much of a hassle to get permission from the necessary people? Whatever it is you definitely can listen in to conversations at the phone exchange level. Cheerio, Link.
Current thread:
- Q: Voice over IP security - anyone? Craig, Scott (Oct 05)
- Re: Q: Voice over IP security - anyone? Bluefish (P.Magnusson) (Oct 07)
- Re: Q: Voice over IP security - anyone? Lincoln Yeoh (Oct 08)
- Re: Q: Voice over IP security - anyone? Cold Fire (Oct 08)
- Re: Q: Voice over IP security - anyone? Bluefish (P.Magnusson) (Oct 10)
- Re: Q: Voice over IP security - anyone? Lincoln Yeoh (Oct 08)
- <Possible follow-ups>
- Re: Q: Voice over IP security - anyone? Guilherme Mesquita (Oct 08)
- Re: Q: Voice over IP security - anyone? Bluefish (P.Magnusson) (Oct 07)