On 2014-07-11 20:59, Michael Rogers wrote:
For phone calls they use ZRTP, so Ann and Bob can verbally compare
short authentication strings after the key exchange to detect a MITM,
*if* they know each other's voices and their voices can't be faked.
ZRTP carries keying material forward from one session to another so it
isn't necessary to do this every time.

For messaging it's the same, except the verbal confirmation happens
out-of-band. The protocol spec seems to have been taken offline
recently, but it's archived here:

https://web.archive.org/web/20140125121552/https://silentcircle.com/static/download/SCIMP%20paper.pdf

If it takes more than one click, end users are not going to do it.


_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
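
The SAS comparison and key continuity described in the quoted message, as an added example that is not part of the original thread and is not ZRTP's actual key derivation. It is a simplified toy: the DH parameters, private keys, labels and function names are all constructed for illustration.

```python
import hashlib, hmac

# Toy finite-field DH parameters (assumption, illustration only; not ZRTP's groups).
P = 2**255 - 19
G = 2
ZB32 = "ybndrfg8ejkmcpqxot1uwisza345h769"  # z-base-32 alphabet

def public(priv):
    return pow(G, priv, P)

def s0(priv, peer_pub, retained=b""):
    """Session secret: hash of the DH result mixed with the retained secret."""
    dh = pow(peer_pub, priv, P).to_bytes(32, "big")
    return hashlib.sha256(dh + retained).digest()

def sas(secret):
    """Render the leftmost 20 bits of a SAS hash as four characters."""
    h = hmac.new(secret, b"SAS", hashlib.sha256).digest()
    bits = int.from_bytes(h[:3], "big") >> 4
    return "".join(ZB32[(bits >> s) & 31] for s in (15, 10, 5, 0))

def next_retained(secret):
    """Keying material carried forward to the next session."""
    return hmac.new(secret, b"retained secret", hashlib.sha256).digest()

def call(ann_priv, bob_priv, retained=b"", mitm_priv=None):
    """Return (Ann's s0, Bob's s0, Mallory's guess at Ann's s0 or None)."""
    if mitm_priv is None:
        a = s0(ann_priv, public(bob_priv), retained)
        b = s0(bob_priv, public(ann_priv), retained)
        return a, b, None
    m_pub = public(mitm_priv)                # Mallory swaps in her key both ways
    a = s0(ann_priv, m_pub, retained)
    b = s0(bob_priv, m_pub, retained)
    m = s0(mitm_priv, public(ann_priv))      # Mallory has no retained secret
    return a, b, m

if __name__ == "__main__":
    A, B, M = 0x1234567, 0x89abcde, 0x7777777   # constructed private keys
    a, b, _ = call(A, B)                         # clean first call, SAS verified
    print("clean call:", sas(a), sas(b))
    rs = next_retained(a)
    a, b, m = call(A, B, mitm_priv=M)            # MITM on a first contact
    print("MITM, no continuity:", sas(a), sas(b), "key known to MITM:", m == a)
    a, b, m = call(A, B, retained=rs, mitm_priv=M)
    print("MITM, retained secret:", sas(a), sas(b), "key known to MITM:", m == a)
```

On first contact only the spoken SAS exposes the interception; once a retained secret exists, the interceptor can no longer derive either side's session secret even if nobody compares strings.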