[Asterisk-Users] OT: recover complete AES keys
trixter http://www.0xdecafbad.com
trixter at 0xdecafbad.com
Mon May 23 15:11:43 MST 2005
According to this article it is possible to recover the complete AES
encryption key by monitoring traffic (ie sniffing). I have not yet had
time to review this method to see if it requires a bunch of special
situations to occur or not. They state that its based on the AES
algorithm and not the specific algorithm which indicates that anything
that does AES can potentially be compromised (including some
cryptophones, and other applications). Anyone using AES to secure their
VoIP traffic (VPN for example) may want to look for alternatives.
http://www.eweek.com/article2/0,1759,1818238,00.asp?kc=EWRSS03129TX1K0000614
--
Trixter http://www.0xdecafbad.com
UK +44 870 340 4605 Germany +49 801 777 555 3402
US +1 360 207 0479 or +1 516 687 5200
FreeWorldDialup: 635378
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.digium.com/pipermail/asterisk-users/attachments/20050523/ee385169/attachment.pgp
More information about the asterisk-users
mailing list