[VOIPSEC] Actual Attacks
Robert Moskowitz
rgm at icsalabs.com
Mon Feb 28 15:39:49 CST 2005
At 03:31 AM 2/26/2005, Simon Horne wrote:
>With reference to the above product, more than ever vendors have to
>seriously consider Media Encryption with a Handshake technique which foils
>these types of "wire taps".
What is Media in this comment? 802 media? SONNET, ATM, etc media?
>Methods such as Single Use Diffie Hellman generated half key pairs (with 1
>half encrypted) as used in TLS on a seperate secure channel is an
>excellent method to stop the "Man in the Middle" from being able to
>decrypt the voice traffic. They may be able to capture to .wav the
>contents of the conversation but it would be complete garbage. Each
>conversation or part of conversations are encrypted differently so the
>'tapper' has to use repeated blunt force attacks to access the entire
>conversation. If a large Diffie Hellman "Prime" length is used (>
>1536bits) and a high quality cipher (say AES256), makes it almost
>impossible for all but the the most serious 'tapper' to access.
Robert Moskowitz
Senior Technical Director
ICSA Labs, a division of Cybertrust, Inc.
W: 248-968-9809
F: 248-968-2824
E: rgm at icsalabs.com
There's no limit to what can be accomplished
if it doesn't matter who gets the credit
More information about the Voipsec
mailing list