Lista poslednjih: 16, 32, 64, 128 poruka.

VOIP uskoro kriptovan!

[es] :: VoIP :: VOIP uskoro kriptovan!

[ Pregleda: 2933 | Odgovora: 2 ] > FB > Twit

Postavi temu Odgovori


Pretraga teme: Traži
Markiranje Štampanje RSS

Slobodan Miskovic

Član broj: 4967
Poruke: 5814

+105 Profil

icon VOIP uskoro kriptovan!08.08.2005. u 12:58 - pre 229 meseci
Fil Cimerman (Phil Zimmerman), jedan od najvecih svetskih kriptografa, saopstio je da je osvojio tehnologiju kojom moze zastititi razgovore vodjene preko VOIP-a od prisluskivanja.

-Mislim da nije pametno koristiti VOIP i razgovarati preko interneta ako se niste zastitili - kazao je Cimerman.
On je najavio da ce njegova firma ''PGP Inc.'' uskoro ponuditi na prodaju software za kriptovanje razgovora preko interneta pod nazivom ''Zfone'', a da ce vec za mesec dana izdati besplatan prototip za korisnike ''Mekintos'' racunara.

''Zfone'' u trenutku uspostavlja veze izmedju kratke serije slova o brojeva izmedju korisnika ovog nacina zastite, a ukoliko se nizovi koji se razmene ne uklapaju, to je upozorenje onima koji pricaju da postoji neko treci - ko ih slusa.

Ovakav nacin zastite onesposobice cak i sluzbe bezbednosti u prisluskivanju VOIP saobracaja.

- Koncenzus koji je postignut krajem devedesetih je da jaka kriptografska zastita samo poboljsava drustvo. - kaze Cimerman - Pa, cak i ako takav vid zastite mogu koristiti i teroristi. Mi smo to zakljucili i odlucili tokom mira, kada nije bilo teroristickih napada kao danas, u trenutku kada smo mogli da razmisljamo hladnih glava.

Zvanicni sajt:

P.S. Mislim da je ovo najobicnija propaganda, ko nasedne na to da ''ce to onesposobiti i sluzbe bezbednosti'' nije bas zdrave pameti...

[Ovu poruku je menjao STELLANOVA dana 08.08.2005. u 14:04 GMT+1]
Odgovor na temu

Slobodan Miskovic

Član broj: 4967
Poruke: 5814

+105 Profil

icon Re: VOIP uskoro kriptovan!08.08.2005. u 13:03 - pre 229 meseci
Zfone secures VoIP

Defcon 2005 Zimmerman's new project

By Charlie Demerjian in Las Vegas: Saturday 30 July 2005, 15:59

PHIL ZIMMERMAN HAS A NEW product that made an appearance yesterday at Defcon 13. While it has been talked about for a week or so, zfone, an encrypted and secure VoIP communications system was given a pretty thorough outing this time around. Based on a lot of work done for Zimmerman's PGP phone many years ago, this new one is written in Python, mainly because it is built off of Shtoom, another Python program.

What zfone does is lower the entry barrier for VOIP calling while eliminating one big class of attack, the man in the middle. Zfone is based on a bunch of open standards, and does a fairly generic SIP VoIP call setup. Once that call is initiated, it passes the keys over the connection, encrypting all further traffic. It should be fairly easy to set up with no overhead, and more importantly, no cryptographic infrastructure.

Several currently available systems all tend to have a few flaws, most of which involve a central certificate authority (CA). Zimmerman thinks that you should not have to set one of these up if you want to do something as off the cuff as make a phone call, and I find it hard to disagree with that logic. The complexity and overhead of a third party you must contact to make a person to person call makes secure VOIP unwieldy to say the least. It also makes it a non-starter in anything less than large enterprise.

Other implementations use TLS, so the key gets passed to the next hop, and it is decrypted, re-encrypted, and passed along. Rinse and repeat, so your 'secure' call is decrypted at a dozen possibly insecure places along the way. Another passes keys as an sMIME email attachment, something that should make your head hurt if you think about emailing someone to set up a call.

The end result is that secure telephony has a long way to go before it is practical. That is why zfone can make such a difference, you plug it in, or at least you will when it is released, and make a call, securely. No infrastructure to support, no email attachments, it just does what you would hope it does, and adds a few twists.

It works by encrypting the data over some fairly ordinary encryption algorithms, no need to reinvent the wheel here. The problem is that if you have a man in the middle, he/she/it/they can spoof the other side and listen in. To combat this, zfone will display a hash of the shared secret information used in the encryption. You read this to the person on the other end, and if your hash does not match his hash, you know you probably shouldn't be discussing the latest shipment of Bolivian marching powder.

So, what if you are lazy and forget to do this every time? Again, zfone steps up to the plate and keeps a hash of all the shared secret information. While the info itself is deleted after every call, the hash is kept, and for the next call, it is injected into the mix. This becomes part of the hash for the next call, and the next and the next. If you forget about reading a hash to someone, you can do it next time. As long as they still match, you know that call, and every call since day one has been secure. Well, it is secure or there is the same man in the middle listening in on every call since the first, which isn't all that likely. If it doesn't match, you have problems, but at least you know you have problems, time to burn the MP3s you legally ripped, or as Zimmerman said, 'a real oh shit moment'.

The two main things zfone set out to do, make secure telephony an easy to set up technology, and defend against several types of attacks, seems have been accomplished. The program is in a fairly early stage, and it is really rough, the demo didn't work as planned, but I have little doubt it will soon. Zimmerman has the background and track record to do this right, and with luck, will do to calls what he did to data in the form of PGP. Keep an eye on zfone, it could be huge. µ

Odgovor na temu


Član broj: 65109
Poruke: 16

ICQ: 310


icon Re: VOIP uskoro kriptovan!14.08.2005. u 23:23 - pre 228 meseci
a već se razne organizacije i službe kao i same vlade guraju da nadgledaju promet odnosno da dobivaju logove tko koga zove... jebeš onda enkripciju kad provider ugovorom obeća trećoj strani da će joj dati uvid u razgovore...
Odgovor na temu

[es] :: VoIP :: VOIP uskoro kriptovan!

[ Pregleda: 2933 | Odgovora: 2 ] > FB > Twit

Postavi temu Odgovori

Lista poslednjih: 16, 32, 64, 128 poruka.