can someone give a few lines of explanation on how the Retained shared
Secret (RS) is used in ZRTP?
second, is it possible for an attacker to force an RS validation error
(e.g. simulating network connection error by having a router drop
packets) and then MiTM the DH handshake?
the SAS is only 4 characters. presumably this is ascii so 2^27 = 531441
possibilities. On average the active MiTM attacker would need to try
only half of them (real time) to find a collision.
Do parties first commit (e.g. send H(N,g^x)) prior to sending their g^x
to avoid the latter problem?
If so, then what's the use of the SAS?
Sorry if all those questions are trivial...
Wasa
On 23/05/2013 19:05, Dominik Schürmann wrote:
They have implemented ZRTP for end to end security. It works with a
diffie hellman key exchange, while protecting against man-in-the-middle
attackers by comparing Short Authentication Strings (SAS). When you know
the voice of the other person you can exclude Eve.
see https://jitsi.org/Documentation/ZrtpFAQ
Regards
Dominik
On 23.05.2013 20:01, Jonas Wielicki wrote:
Jitsi is XMPP or SIP. For the text-part, they have built-in support for
OTR. Otherwise, there is no end-to-end secrecy as far as I know.
For voicecalls, they have something similar, with some shared-secret
verification which is validated using the text-channel, which is best
secured with OTR I guess.
I know of no throughout reviews of their model though.
regards,
Jonas
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography