Well the two big stories this week are the CISCO router problem and Philip “PGP” Zimmerman’s new project. Originally unveiled at Black Hat earlier this week his new crypted VOIP looks really interesting. Well it would have looked interesting if the demo had worked; eventually his partner just called on a cellphone. The goal is to return the “security” of land lines to the world of VOIP.
The app is based on the shtoom project (open source VOIP written in Python) and the crypto is strapped ontop. A nice feature of the protocol is hashing part of the previous conversation’s key into the current conversation. If you and the other person read the hash aloud and they match it means that this conversation and every previous one has been fully secure.
He’s shopping the project around to venture capital right now to make a commercial product written in C. The source will still be free though.
Most people have left by now, but they were able to get the demo going. It is funny to hear a secure call blasted over loud speakers. He’s got a switch in the software to switch off the packet decryption so you can hear what the wiretap hears