[guardian-dev] Vodaphone Encrypted Phone

[ShootAKite at riseup.net]

Despite elliptic curves cryptography first being introduced in the 1970s
it turns out we don't know if it's actually secure.  The easiest way to
get after ECC is by using software like GDLOG to solve for discrete
logarithm.  This would allow forging of ECC signatures for a replay
attack. 

The most understood way to keep encrypted data secure is by increasing
key length on a well-understood encryption algorithm.  Hard to do when
key (and crypto coprocessor?) are on a SIM.
A

On 03/12/2014 01:18 AM, Matej Kovacic wrote:
> Hi,
>
>> I saw Vodaphone's new encrypted phone which stores digital private keys
>> and corresponding certificates on a SIM card.  SIM cards have very
>> limited storage capacity so not a great place to store a private key.  
>> If I was working at Vodaphone I would have added that conversations are
>> only encrypted if you don't piss of anyone who's downloaded Cain and
>> Abel to brute-force your private key.
> In fact, storing private keys on a SIM card is not so bad idea, because
> SIM card is a place when your mobile identity is stored. If that keys
> would be used for end-to-end encrypted communications, that would be a
> step forward.
>
> Of course, space on a SIM card is limited. But what about  using
> elliptic curves which can use shorter keys?
>
> Anyway, this is also interesting:
>
> http://nelenkov.blogspot.com/2013/09/using-sim-card-as-secure-element.html
>
> https://github.com/nelenkov/sim-password-manager
>
> Regards,
>
> M.
> _______________________________________________
> Guardian-dev mailing list
>
> Post: Guardian-dev at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>
> To Unsubscribe
>         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>         Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/shootakite%40riseup.net
>
> You are subscribed as: shootakite at riseup.net
>