A Mighty Number Falls
…
Although it is relatively easy to identify huge prime numbers, factoring, or breaking a number down into its prime components, is extremely difficult. RSA encryption, named for the three individuals who devised the technique (Ronald Rivest, Adi Shamir and Leonard Adleman), takes advantage of this. Using the RSA method, information is encrypted using a large composite number, usually 1024 bits in size, created by multiplying together two 150-or-so digit prime numbers. Only someone who knows those two numbers, the “keys”, can read the message. Because there is a vast supply of large prime numbers, it’s easy to come up with unique keys. Information encrypted this way is secure, because no one has ever been able to factor these huge numbers. At least not yet.
…
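The dependence on factoring described in the excerpt, as an added example that is not from the article or this blog: a toy RSA key pair is built from two constructed 17-bit primes (standing in for the ~150-digit primes the excerpt describes), a message is encrypted and decrypted, and the private exponent is then rebuilt from the public modulus alone by trial division, which is exactly the step that becomes infeasible at 1024 bits.

```python
from math import gcd, isqrt

# Constructed toy parameters: two 17-bit primes stand in for the ~150-digit
# primes the excerpt describes, so the modulus can actually be factored here.
P, Q, E = 104729, 104723, 65537

def is_prime(n):
    """Trial-division primality test; adequate for the small values used here."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    return all(n % d for d in range(3, isqrt(n) + 1, 2))

def keygen(p, q, e=E):
    """RSA key pair from two primes: n = p*q, d = e^-1 mod (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be invertible modulo phi(n)")
    return (n, e), pow(e, -1, phi)

def encrypt(m, pub):
    n, e = pub
    return pow(m, e, n)

def decrypt(c, d, n):
    return pow(c, d, n)

def factor_trial(n):
    """Recover p, q from n by trial division. Only feasible because n is tiny;
    for a 1024-bit modulus this search is exactly what nobody has managed."""
    for d in range(2, isqrt(n) + 1):
        if n % d == 0:
            return d, n // d
    return None

def private_key_from_modulus(pub):
    """Whoever factors n can rebuild d: the public key alone then decrypts."""
    n, e = pub
    p, q = factor_trial(n)
    return pow(e, -1, (p - 1) * (q - 1))

if __name__ == "__main__":
    pub, d = keygen(P, Q)
    c = encrypt(123456789, pub)
    print(decrypt(c, d, pub[0]), private_key_from_modulus(pub) == d)
```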
Does source code availability mean a more secure product?
Short answer: not necessarily.
Does the company provide all the code needed to compile the voice encryption product I can then install in my mobile phone or the one they include in the firmware of the phone they provide? If the answer is no, how do I know that the code they provide me for review is the same one they used to produce the software they installed in the phone? My understanding is that there is no way to verify that.
But even if the source code they are providing for review is the same one they used to compile their product, can’t the security be compromised by how their solution was implemented on the specific phone? Does it make sense to verify the encryption algorithm if I cannot make sure the other processes involved in securing my calls, including but not limited to voice decoding and interaction with the phone OS, are also secure and free of programming errors or backdoors?
And who is reviewing the code? Is there any incentive to do it? Are good and honest people investing their time in reviewing source code published by second-tier vendors? Probably not. That the code is available does not necessarily mean that it is reviewed.
The other day I stumbled upon the web site of a company selling voice encryption products, and I sadly read their conclusion on why other vendors may not be offering their source code for review. They state they can only assume that the other vendors have something to hide, or that they may be afraid of competition, or trying to protect “so called” “trade secrets.” How sad is that?
In relation to protecting their “trade secrets,” I hope that’s true. My understanding is that trade secret protection lasts for as long as the secret is kept confidential.
Also, what do they mean by “so called trade secrets”? If it means they have a strong position against intellectual property protection, fine. But then the question would be why they are not just releasing the software as open source. Could that impact their “so called bottom line”?
On their web site they also state that they “have no (trade) secrets”. Really?
(written by uzimanu on 4/26/2007)
Italy arrests 12 more in T.Italia wiretap case
MILAN, March 22 (Reuters) – Italian authorities have arrested 12 more people in connection with an investigation into illegal wiretapping by Telecom Italia (TLIT.MI) staff and others, judicial sources told Reuters on Thursday.
The investigation began last year, and in September magistrates arrested several people including Telecom Italia’s former head of security, Giuliano Tavaroli.
Magistrates accuse those arrested of illegally obtaining information through wiretapping and computer hacking.
Those arrested on Thursday are mainly police officers who, magistrates suspect, participated in the illegal activities, the sources said.
http://investing.reuters.co.uk/news/articleinvesting.aspx?type=media&storyID=nL2286961