Authentication
At the beginning of the call, both users get the same session key by using the hash function. Then the session key becomes a confirm code. The confirm code could be 3 letters or 4 numbers, depending on the phone's manufacturer. In the crypto mode, the user reads the confirm code over the encrypted line to his communication partner and verifies the confirm code his partner reads back. If there is a discrepancy in the confirm code, a man-in-the-middle attack has been detected.
Read more about this topic: Crypto Phone