Why is the internal H.235 AES encryption procedure not sufficient?
For many users, the H.235 functionality (H.235 key management) provides sufficient basic security. In the case of a professional attack, however, this hybrid method (asymmetric at the beginning, then symmetric) has a number of security weaknesses.
In a live attack at the start of the communication, the key exchange offers a good point of attack. The Diffie-Hellman method used has been known for years to be vulnerable to "man-in-the-middle" attacks. In addition, the key lengths possible today (AES 256 bit, Diffie-Hellman 4096 bit) are not reached by far.
AES software encryption with a key length of 128 bits is used, but manufacturers remain silent about the key length of the Diffie-Hellman method. Since there is no way to individualize the encryption, keys or certificates, the system does not provide any individual protection for an enterprise. Manufacturer-specific customization also often leads to compatibility problems in heterogeneous communications networks. If one considers that every connection can in principle be streamed, the possibilities of cryptanalysis also have to be taken into account.
Given knowledge of the encryption method employed, and considering the short key lengths, the lack of a real random number generator and the use of only a finite pool of session keys, cryptanalysis and successful compromise of the transmitted information is in principle only a question of time.
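The two points above about the unauthenticated Diffie-Hellman exchange and the missing enterprise-specific keys can be seen together in the following added example, which is not code from H.235 or from any vendor. It assumes a toy group (far too small for real use), a hypothetical enterprise-provisioned secret `psk`, and hypothetical function names; it shows that the endpoints alone cannot notice substituted public values, while a keyed check over the exchanged values detects them.

```python
import hashlib
import hmac
import secrets

# Toy parameters, constructed for illustration: 2**127 - 1 is prime,
# but a group this small must never be used in practice.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private exponent, public value g^x mod p)."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    """Derive a symmetric key from the Diffie-Hellman shared secret."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def transcript_tag(psk, caller_pub, callee_pub):
    """HMAC over both public values, keyed with the enterprise secret (assumption)."""
    msg = caller_pub.to_bytes(16, "big") + callee_pub.to_bytes(16, "big")
    return hmac.new(psk, msg, hashlib.sha256).digest()

def run_exchange(intercepted, psk=None):
    """Simulate one call setup; return (endpoint_keys_match, tampering_detected)."""
    a_priv, a_pub = keypair()          # caller
    b_priv, b_pub = keypair()          # callee
    seen_by_b, seen_by_a = a_pub, b_pub
    if intercepted:
        # A relay in the path replaces both public values with its own.
        _, m_pub = keypair()
        seen_by_b, seen_by_a = m_pub, m_pub
    key_a = session_key(a_priv, seen_by_a)
    key_b = session_key(b_priv, seen_by_b)
    detected = False
    if psk is not None:
        # Each side tags the values it sent and received; the relay cannot
        # forge a matching tag because it does not hold psk.
        tag_a = transcript_tag(psk, a_pub, seen_by_a)
        tag_b = transcript_tag(psk, seen_by_b, b_pub)
        detected = not hmac.compare_digest(tag_a, tag_b)
    return key_a == key_b, detected

if __name__ == "__main__":
    print("plain DH, relay in path:", run_exchange(True))
    print("tagged DH, relay in path:", run_exchange(True, psk=b"constructed-enterprise-secret"))
```
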

