

Ask HN: End-to-end voice encryption AD/DA-hardware via 3.5-mm jack - JoelJacobson

Since you cannot trust the hardware of any mobile phone anymore and no apps running inside them, I think the only way to ensure not being wiretapped would be to do the encryption outside of the mobile phone.<p>Would it be possible to establish a connection between two external AD&#x2F;DA devices which you would plug in to the normal 3.5-mm headphone minijack, and let them do a handshake, much like an old fashioned modem, and then exchange RSA key pairs, and then encrypt the voice data over this connection?<p>The quality would of course not be as good, but maybe it would suffice? What bit rate would be possible to achieve and how would one design such a thing?<p>I&#x27;m thinking to start an open-source project where both the hardware and the software would be made open-source so people could build their own devices, and communicate securely with each other as long as all devices built share the same protocol.<p>Would it be possible to reuse some modem chips for this purpose?<p>Thanks to using the standard 3.5-mm headphone minijack, the device would work with just any phone, tablet or computer.<p>Is this a crazy impossible idea or could it work?
======
mchannon
It could work, though you would want to do some trial and error with different
algorithms; in particular, you'd want to ensure that the compression doesn't
screen out the quality of the call.

It would not be a trivial problem to solve, as these compression technologies
are designed to be used for standard speech patterns, not (to the outside
observer) garbled speech patterns. They normally do an amazing amount of
compression while still sounding largely unmodified to your ear.

I'd make an encryption algorithm with a passkey that is handkeyed into both
adapters, breaks every 100ms of speech into 10ms pieces, and reorders them
according to the algorithm. Certain parts of speech would probably still get
muddied by the time they were passed in and out of compression.

I'm sure someone's already successfully tried it and you can buy their wares
somewhere on the internet (maybe with a pit stop at a certain place on their
way to you).

------
JoelJacobson
The alternative would be to build an entire phone, like the Blackphone, but
that seems like a hassle and then you can't use your favourite mobile brand,
whatever that might be.

For any end-to-end encryption project to succeed, it would need to be all of
the following: a) very cheap b) open-source hardware + software + PCB layout
c) compatible with all existing mobile phones d) easy to build your self using
standard components

------
DanBC
Have you heard of PGPfone?

[http://en.m.wikipedia.org/wiki/PGPfone](http://en.m.wikipedia.org/wiki/PGPfone)

~~~
JoelJacobson
Looks like it's not maintained anymore, but could be a start for at least the
software part of the project. The hardware is probably the most tricky part in
this project. Any such projects out there?

