| Science Forum Index » Cryptography Forum » Q: AES product... |
|
Page 1 of 1 |
|
| Author |
Message |
| Mok-Kong Shen... |
 Posted: Wed Oct 21, 2009 6:49 am |
|
|
|
Guest
|
Are there tiny handheld devices on the market that can do AES with
I/O in ASCII/hex or even better software that could be easily
installed on the more modern mobile phones for SMS security or whatever?
Thanks,
M. K. Shen |
|
|
| Back to top |
|
|
|
| incog... |
| Posted: Wed Oct 21, 2009 7:49 am |
|
|
|
Guest
|
AES is maybe too much (complicated) for a handheld, but have a look at this
free solution : http://www.cs.uku.fi/~mhassine/SafeSMS/ .
"Mok-Kong Shen" <mok-kong.shen at (no spam) t-online.de> a écrit dans le message de news:
hbn01r$ohv$00$1 at (no spam) news.t-online.com...
[quote]
Are there tiny handheld devices on the market that can do AES with
I/O in ASCII/hex or even better software that could be easily
installed on the more modern mobile phones for SMS security or whatever?
Thanks,
M. K. Shen[/quote] |
|
|
| Back to top |
|
|
|
| Mok-Kong Shen... |
| Posted: Wed Oct 21, 2009 2:33 pm |
|
|
|
Guest
|
incog wrote:
[quote]AES is maybe too much (complicated) for a handheld, but have a look at this
free solution : http://www.cs.uku.fi/~mhassine/SafeSMS/ .
[/quote]
My knowledge is too humble and my own mobile phone is rather old.
But seeing the versatile capabilities of more modern mobiles phones,
I wonder why AES couldn't be installed on them. Storage capacity
certainly isn't a problem. High speed isn't unconditionally necessary
for SMS etc.
Thanks,
M. K. Shen |
|
|
| Back to top |
|
|
|
| amzoti... |
| Posted: Thu Oct 22, 2009 5:09 am |
|
|
|
Guest
|
On Oct 21, 1:33 pm, Mok-Kong Shen <mok-kong.s... at (no spam) t-online.de> wrote:
[quote]incog wrote:
AES is maybe too much (complicated) for a handheld, but have a look at this
free solution :http://www.cs.uku.fi/~mhassine/SafeSMS/.
My knowledge is too humble and my own mobile phone is rather old.
But seeing the versatile capabilities of more modern mobiles phones,
I wonder why AES couldn't be installed on them. Storage capacity
certainly isn't a problem. High speed isn't unconditionally necessary
for SMS etc.
Thanks,
M. K. Shen
[/quote]
I would say things like speed, processor, power requirements -
sometimes called SWap (size-weight-and-power). |
|
|
| Back to top |
|
|
|
| Tom St Denis... |
| Posted: Thu Oct 22, 2009 5:21 am |
|
|
|
Guest
|
On Oct 22, 11:09 am, amzoti <amz... at (no spam) gmail.com> wrote:
[quote]On Oct 21, 1:33 pm, Mok-Kong Shen <mok-kong.s... at (no spam) t-online.de> wrote:
incog wrote:
AES is maybe too much (complicated) for a handheld, but have a look at this
free solution :http://www.cs.uku.fi/~mhassine/SafeSMS/.
My knowledge is too humble and my own mobile phone is rather old.
But seeing the versatile capabilities of more modern mobiles phones,
I wonder why AES couldn't be installed on them. Storage capacity
certainly isn't a problem. High speed isn't unconditionally necessary
for SMS etc.
Thanks,
M. K. Shen
I would say things like speed, processor, power requirements -
sometimes called SWap (size-weight-and-power).
[/quote]
It's pretty foolish to think even phones from 10 years ago couldn't
handle AES encrypting 140 bytes of data without eating the battery.
The real reason they don't come standard with crypto is in a lot of
cases it's ILLEGAL to encrypt messages to be sent over radio. I
believe that's changed since then in quite a few countries [I'm
talking back in the packet radio days...] but SMS is a fairly old
design and it's used all over the planet. I'd be surprised if there
weren't countries were radio traffic was allowed to be encrypted by
civilians.
Tom |
|
|
| Back to top |
|
|
|
| Joseph Ashwood... |
| Posted: Thu Oct 22, 2009 8:39 am |
|
|
|
Guest
|
"Mok-Kong Shen" <mok-kong.shen at (no spam) t-online.de> wrote in message
news:hbnr6j$fgf$03$1 at (no spam) news.t-online.com...
[quote]incog wrote:
AES is maybe too much (complicated) for a handheld,
[/quote]
It isn't. Have a look at reality, you'll find that AES, properly
implemented, is sufficiently fast on small devices, this was was in fact one
of the considerations in the selection process.
[quote]but have a look at this free solution :
http://www.cs.uku.fi/~mhassine/SafeSMS/ .
[/quote]
And never have security ever again. I was going to do a basic code review,
but it fails even the most basic code check (compilation). However I took a
quick look anyway. Among the low points, directly using the user password to
key Blowfish, and that's only if you set it to blowfish instead of the
propriety one I didn't even bother looking at, and of course the apparent
use of ECB mode. In short, completely, utterly, permanently, irrevocably,
pathetically insecure.
[quote]My knowledge is too humble and my own mobile phone is rather old.
But seeing the versatile capabilities of more modern mobiles phones,
I wonder why AES couldn't be installed on them. Storage capacity
certainly isn't a problem. High speed isn't unconditionally necessary
for SMS etc.
[/quote]
There have been a few pay apps that implemented it, I don't know of any free
off-hand.
Joe |
|
|
| Back to top |
|
|
|
| Mok-Kong Shen... |
| Posted: Thu Oct 22, 2009 12:35 pm |
|
|
|
Guest
|
Tom St Denis wrote:
[quote]amzoti <amz... at (no spam) gmail.com> wrote:
I would say things like speed, processor, power requirements -
sometimes called SWap (size-weight-and-power).
It's pretty foolish to think even phones from 10 years ago couldn't
handle AES encrypting 140 bytes of data without eating the battery.
The real reason they don't come standard with crypto is in a lot of
cases it's ILLEGAL to encrypt messages to be sent over radio. I
believe that's changed since then in quite a few countries [I'm
talking back in the packet radio days...] but SMS is a fairly old
design and it's used all over the planet. I'd be surprised if there
weren't countries were radio traffic was allowed to be encrypted by
civilians.
[/quote]
There are very likely countries today where encrpytions by civil
people would be considered something against the interest of
the governments. But isn't it that in the democratic (or at least
officially democratic) countries encryptions are allowed? If so,
then, if encryptions of e-mails is ok., why isn't encryptions
of SMS over mobile phone not o.k.? Anyway, I stronly guess
that in the majority of countries the use of AES to achieve
communication security by civil people isn't against the law.
The question now is, with such a large potential application
area, why hasn't AES yet been available on mobile phones (either
as commercial software or shareware/freeware)?
M. K. Shen |
|
|
| Back to top |
|
|
|
| Blind Anagram... |
| Posted: Fri Oct 23, 2009 1:25 am |
|
|
|
Guest
|
"amzoti" <amzoti at (no spam) gmail.com> wrote in message
news:0c534fde-0c7c-4973-816c-ca89151b0ca2 at (no spam) 2g2000prl.googlegroups.com...
On Oct 21, 1:33 pm, Mok-Kong Shen <mok-kong.s... at (no spam) t-online.de> wrote:
[quote]incog wrote:
AES is maybe too much (complicated) for a handheld, but have a look at
this
free solution :http://www.cs.uku.fi/~mhassine/SafeSMS/.
My knowledge is too humble and my own mobile phone is rather old.
But seeing the versatile capabilities of more modern mobiles phones,
I wonder why AES couldn't be installed on them. Storage capacity
certainly isn't a problem. High speed isn't unconditionally necessary
for SMS etc.
Thanks,
M. K. Shen
[/quote]
I would say things like speed, processor, power requirements -
sometimes called SWap (size-weight-and-power).
I know of several mobile phone companies who have licensed my own AES code
for use on their products. At least one of them did this more than six years
ago.
__________ Information from ESET NOD32 Antivirus, version of virus signature database 4535 (20091023) __________
The message was checked by ESET NOD32 Antivirus.
http://www.eset.com |
|
|
| Back to top |
|
|
|
| Mok-Kong Shen... |
| Posted: Fri Oct 23, 2009 1:10 pm |
|
|
|
Guest
|
Blind Anagram wrote:
[quote]I would say things like speed, processor, power requirements -
sometimes called SWap (size-weight-and-power).
I know of several mobile phone companies who have licensed my own AES
code for use on their products. At least one of them did this more than
six years ago.
[/quote]
Do you happen to know whether such a feature has been included
in the products currently being offered by them?
M. K. Shen |
|
|
| Back to top |
|
|
|
| Blind Anagram... |
| Posted: Fri Oct 23, 2009 3:16 pm |
|
|
|
Guest
|
Mok-Kong Shen wrote:
[quote]Blind Anagram wrote:
I would say things like speed, processor, power requirements -
sometimes called SWap (size-weight-and-power).
I know of several mobile phone companies who have licensed my own AES
code for use on their products. At least one of them did this more
than six years ago.
Do you happen to know whether such a feature has been included
in the products currently being offered by them?
[/quote]
In some cases yes, others no.
A frequent use of AES in mobile phones is to offer encrypted 802.11
wireless network connectivity. |
|
|
| Back to top |
|
|
|
| Mok-Kong Shen... |
| Posted: Sat Oct 24, 2009 11:54 am |
|
|
|
Guest
|
Blind Anagram wrote:
[quote]Mok-Kong Shen wrote:
Blind Anagram wrote:
I would say things like speed, processor, power requirements -
sometimes called SWap (size-weight-and-power).
I know of several mobile phone companies who have licensed my own AES
code for use on their products. At least one of them did this more
than six years ago.
Do you happen to know whether such a feature has been included
in the products currently being offered by them?
In some cases yes, others no.
A frequent use of AES in mobile phones is to offer encrypted 802.11
wireless network connectivity.
[/quote]
This seems to imply that currently there aren't mobile phones on
the market such that a normal user could send an SMS encrypted
by AES with his own secret key. If this is in fact the case, I wonder
why it is so? I mean: Do all users have no need at all of communication
security, or is it perhaps something delicate in the firms' marketing
policy?
M. K. Shen |
|
|
| Back to top |
|
|
|
| Mok-Kong Shen... |
| Posted: Sun Oct 25, 2009 4:10 am |
|
|
|
Guest
|
Mok-Kong Shen wrote:
[quote]This seems to imply that currently there aren't mobile phones on
the market such that a normal user could send an SMS encrypted
by AES with his own secret key. If this is in fact the case, I wonder
why it is so? I mean: Do all users have no need at all of communication
security, or is it perhaps something delicate in the firms' marketing
policy?
[/quote]
I know almost nothing about hardware but "speculate" whether it could
even be feasible to encrypt voice with AES on the more modern mobile
phones, which apparently possess quite substantial processing capacity.
M. K. Shen |
|
|
| Back to top |
|
|
|
| Mok-Kong Shen... |
| Posted: Tue Oct 27, 2009 2:10 am |
|
|
|
Guest
|
incog wrote:
[quote]AES is maybe too much (complicated) for a handheld, .....
[/quote]
If a special (and hence likely cheaper) handheld for AES is not
available, implementing AES on palmtops shouldn't pose any problems,
I suppose.
M. K. Shen |
|
|
| Back to top |
|
|
|
| xolo... |
| Posted: Tue Oct 27, 2009 10:02 pm |
|
|
|
Guest
|
On Oct 27, 10:10 am, Mok-Kong Shen <mok-kong.s... at (no spam) t-online.de> wrote:
[quote]incog wrote:
AES is maybe too much (complicated) for a handheld, .....
If a special (and hence likely cheaper) handheld for AES is not
available, implementing AES on palmtops shouldn't pose any problems,
I suppose.
M. K. Shen
[/quote]
Hi
Doesn't Blackberry (the latest one) support AES and Tripple DES
already? I don't own one per se but I've heard that for Obama needed
such encryption capabilities to in order to continue using his
Blackberry. In practice therefore mobile phones should be able to
support AES.
Regards,
Xolo |
|
|
| Back to top |
|
|
|
| Mok-Kong Shen... |
| Posted: Wed Oct 28, 2009 3:10 am |
|
|
|
Guest
|
xolo wrote:
[quote]Mok-Kong Shen wrote:
If a special (and hence likely cheaper) handheld for AES is not
available, implementing AES on palmtops shouldn't pose any problems,
I suppose.
Doesn't Blackberry (the latest one) support AES and Tripple DES
already? I don't own one per se but I've heard that for Obama needed
such encryption capabilities to in order to continue using his
Blackberry. In practice therefore mobile phones should be able to
support AES.
[/quote]
I also believe that possiblity of implementation shouldn't be an
issue on the more modern devices. The point is, given a common need
for communication security, why AES is not yet available on mobile
phones in the market for the general public. (Anyway, I haven't seen
such features advertised in my local mobile phone shops.)
M. K. Shen |
|
|
| Back to top |
|
|
|
|
