Questions about Published Source

Why is it so important to be able to review this ‘source code’?

The ‘source code’ is the blueprint of how the crypto-phone operates, and computer programmers can read this code. Cryptography/security is a fine art, and one simple error can introduce a serious flaw into the product. Customers of communication security devices have always had to fear not only programming errors, but also so-called “back doors”. Such a back door would allow certain people to listen in to encrypted calls at all times, for instance by revealing (part of) the cryptographic key during the call.

Introducing a back door into a crypto system does not even require active cooperation of the manufacturer of the equipment. All it takes is one bribed programmer to compromise an entire product.

We prevent this by allowing anyone to review our source code. And even if you do not understand the source code yourself, you may find some comfort in knowing there is a large academic community that likes a challenge and will try to tackle our product. So any back door or programming error can (and will!) be found by eager students or security enthusiasts. Of course we tried our very best to write the code as well as we know how to. On top of this we have asked some of the world’s leading security consultants to look at critical parts of it. The conclusions of these ongoing evaluations are publicly accessible. So in theory you would not need to trust us at all, because you could verify everything yourself. This public review process is also the only reliable method for us to make sure that we are the only one paying our developers ;-).

Why are you the only vendor offering the source code for review to anybody?

We can only assume the other vendors have something to hide. They might be afraid of competition and want to protect so-called “trade secrets”. The nice thing about our product is that we have no (trade) secrets, and invite everyone to make interoperable products based on the published protocol. We believe in standards that are open for anybody to join – as long as they go and implement their own product and do not steal from our published source.

Some manufacturers of cryptographic equipment that are also currently in the business of selling secure mobile phones have a track record of hidden cooperation with intelligence agencies and interested private parties. Some of them are not even using publicly scrutinized and standardized crypto algorithms (like the Diffie-Hellman, SHA256, AES and Twofish that we use), but “proprietary” encryption methods that are not available for public evaluation. Several “proprietary” crypto-algorithms that were not subject to public review have been shown to be easily breakable in the past, like the COMP128 algorithm that is in use in many GSM networks for authentication, so the “proprietary crypto” approach has to be regarded as very risky. The CryptoPhone contains only algorithms that are published, well known and thoroughly reviewed by the academic cryptography community.

How can I make sure that the firmware on my CryptoPhone is compiled from the same source that you publish and have reviewed?

We take a number of steps to ensure that you really get the correct firmware. The source code repository for the CryptoPhone is held on a computer that only our trusted developers can make changes to, and that is secured against physical access. If you plan to purchase a larger batch of CryptoPhones, we can arrange for a dedicated procedure that enables you to supervise every production step from the source code you reviewed to the binary that goes into your batch of phones.

Under what kind of license do you publish the source? Why is it not GPL?

The source is published strictly for the purpose of security review and verification. You are only allowed to compile it to verify the correctness of the CryptoPhone binary and you are required to delete the resulting binaries afterwards. The fact that we publish the source does not imply any right for partial or complete reuse of the source in free or commercial products. You cannot further disseminate the source or port it to other platforms without our permission. If you think you discovered a security problem or other bug and want to submit a patch for it, please contact us at security@cryptophone.de.

The CryptoPhone is a commercial product, like PGP is. The development so far took considerable amounts of money and developing the CryptoPhone into the future will cost even more. So while we strongly believe in publishing our source for security review, we will not give it away for free. Maintaining the integrity of the CryptoPhone development and earning the money to further develop it are two goals that are unfortunately at this point in time incompatible with a GPL license. We will use all legal means to ensure that no one tries to compete with us on the basis of our published source. You are perfectly free to develop a compatible product on the basis of the published CryptoPhone protocol, but not using our source.

Please read the license agreement for further details.

What is the right procedure to notify you of a security problem with the CryptoPhone?

Please send us an e-mail at security@cryptophone.de with a detailed, full description, if possible including source snippets, and your contact coordinates (PGP encrypted mail preferred, see Contacts page for key). If you prefer to stay anonymous we are fine with that, but please make very sure we can reach you via an e-mail account of your choice.

We will contact you immediately to acknowledge that we received your message and begin checking into the problem at once. You will get a dedicated contact person assigned for the verification process, to make sure there are no glitches in the communication with you. We will in no way interfere with your right to be named as the discoverer of the problem and will acknowledge your findings on the security section of our website upon publication. However, we kindly ask you to hold publication until we have provided a security update to our users, to make sure they are not left out in the cold with a security problem. Our goal is to have a maximum turnaround period of 30 days between reproduction of the problem and publication, depending on severity and impact. We will inform you on the progress of our fixing efforts on a regular and timely basis.

Finders of serious problems will be awarded the CryptoPhone Award for Extreme Cleverness and a present (guess what…).
