'Silent Circle' Military-Grade Encryption Now Available

CommanderFrank

CommanderFrank

Cat Can't Scratch It
Joined
May 9, 2000
Messages
75,399
If you are the tin-foil-hat, conspiracy behind every bush or just plain paranoid type, Silent Circle Encryption is right up your alley. The iOS App is now available through the App Store and if you want a full range of iron clad protection, it’s not cheap.

The creators of the app say their intent is not to aid and abet potential criminals, but to support the safe communications of military, government, and secret operators in their travels abroad.
Click to expand...
 
If the encryption behind it is not open source than how can you be sure their are no backdoors... oh wait it's on the app store so it automagically comes with the oneofusoneofus(tm) backdoor built in :)
 
auspexd said:
If the encryption behind it is not open source than how can you be sure their are no backdoors... oh wait it's on the app store so it automagically comes with the oneofusoneofus(tm) backdoor built in :)
Click to expand...

Exactly. This isnt tin-foil hat area anymore. The iphone can be tapped by government at will, just like almost any commercial closed communicatiions device available today. Im building server nodes out of microcontrollers jsut so that i can have a secure comms network and see down to the metal what im working with. I wont be able to prevent people from seeing who is talking to whom, but i can limit what they can see to scrambled bits.
 
Is this like when they call up a bunch of drug dealers, tell them they've won a lottery and come to xyz address to claim their prise and once enough show up they surround the place with about 500 cops with binders full of arrest warrants.
 
You guys should read up on how it works. This is not just an app by itself that is claiming to 'secure' you. It pretty radically overhauls how core functions work (calls, texts etc) and while not designed by the military, was designed for military and contractors by ex-military. Tor works pretty well and that is available to the masses, so who knows. While nothing is completely secure, from what I read, it should be pretty good and an app of choice for dealers and the like that want to keep conversations on the down low.
 
Would be better to just use code at the word level... having everything in plaintext seems kind of silly. :D
 
The government already developes their own apps, and they wouldn't use a 3rd party app for security without an investigation and a legal contract.
 
What is important here is the type of communication that takes place for the encryption key exchange. Is it a burst of data in analog a la modems that passes the key at the press of an app button. Is there a third party involved to vet they key and participants in the conversation?

See the problem with this app right now as I understand it is. You make the call from the phone via the app. Recipient picks up the line. Then via analog communication the key is passed.

All you need as a third party is to have been monitoring the entire conversation from the point of initiation BEFORE the key was passed. (ie at the line connection moment in time.) Then you capture the key in the security handshake. Since it is two way you have no way to vet that nobody else is using the key. Hence the third party in essence with a different version of the same app can decode the communication with ease.

It still boils down to needing protection from the government for the third party. Hence the problem at hand. The app is useless UNLESS someone has unlawfully tapped your line and lacks the software/equipment to capture the conversation.

Now you see the REAL trick here would be the phone call switches over to a digital medium where the key is passed and vetted by a third party (think SSL type encryption.) This way in order to get the REAL decryption key you must be one of the points of the conversation. Any third party coming in for a key would be logged and either denied or with warrant approved.

VOIP is far easier to secure with proper encryption channels and checks.

Admittedly I lack the time or inclination to properly research how this app works.
 
Sounds like a Yubikey does for passwords, this Silent CIrcle does for encryption keys. You somehow load up or generate one-time encryption keys via a Phone App.
 
the government... application to protect data... iron clad.. BUAHAHAHAHAH! , ya like any of those words go together..
 
MrGuvernment said:
the government... application to protect data... iron clad.. BUAHAHAHAHAH! , ya like any of those words go together..
Click to expand...

The article lists "cocreater and former Navy SEAL". I'll give you a hint and tell you the one of the other guys is named Phil Zimmerman. Now go off and google and get a clue.

PS. After reading that (and most other hits) trying to find if they even used real crypto ciphers (they do, but the list I saw was heavily tilted to those associated with Bruce Schneier) I noticed Mr. Zimmerman.
 
You must log in or register to reply here.
Back
Top