On 07/11/2014 04:23 PM, StealthMonger wrote:
>> While I'm interested in how they're doing that, I'm far more interested
>> in how Ann convinces Bob that she is Ann, and Bob convinces Ann that he
>> is Bob. We left the OpenPGP/cert building a long time ago, we need more
>> than just 1980s PKI ideas with elegant proofs.
>
> Note there's a philosophical issue here. A very good actress could
> convince Bob that she's Ann no matter how high the bandwidth of their
> communication, such as intimate body contact.
Besides getting the timing of your MitM right, attacking ZRTP requires mimicking _both_ persons' voices. So you need (at best) more than one Eve who mimics Bob and Alice at the right time by speaking out some words displayed on the phones. I am leaving out all the details of hash commitments before ZRTP's DH etc., because they are not relevant here.

There is a new, somewhat related paper presented here at SOUPS about mimicking voice:
https://www.usenix.org/system/files/conference/soups2014/soups14-paper-panjwani.pdf

The next question here is how the implementation handles that verification. Does the implementation a) ask you to cancel the call if something seems wrong, or b) prevent you from proceeding by asking you "does the spoken word equal the displayed one, and does the voice sound like Bob?" yes/no. I don't know of any app that implements b), but I haven't tested SilentCircle's apps.

I personally think that people will _not_ cancel the application without being explicitly asked to do so, even when the words do not sound like they were said by your friend Bob.

In conclusion, I think ZRTP is a nice approach, but thinking of your average Jonny: he will not cancel the conversation just because the voice sounds strange (only when the verification words were spoken, maybe the voice quality was just bad...).

Regards
Dominik
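An added toy model (not code from the post or from any ZRTP implementation) of why the spoken SAS check matters: a relayed MitM terminates two separate DH exchanges, so the two phones display different strings, and whether that helps depends on the UI variant a) or b) described above. The DH modulus, generator and SAS derivation are simplified, constructed stand-ins for the real ZRTP ones.

```python
import hashlib
import secrets

# Constructed toy parameters so the example runs offline: a Mersenne prime as
# DH modulus. Real ZRTP uses standard DH groups plus hash commitments, which
# the post leaves out as irrelevant to the voice check.
P = 2**127 - 1
G = 3
# base32 alphabet modelled on the one ZRTP uses for its 4-character SAS
ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"

class Party:
    """One endpoint of a (toy) ZRTP DH exchange."""
    def __init__(self):
        self.priv = secrets.randbelow(P - 2) + 1
        self.pub = pow(G, self.priv, P)
        self.shared = None
        self.sas = None

    def finish(self, peer_pub):
        """Derive the shared secret and the 20-bit SAS shown on this phone."""
        self.shared = pow(peer_pub, self.priv, P)
        digest = hashlib.sha256(self.shared.to_bytes(16, "big")).digest()
        bits = int.from_bytes(digest[:3], "big") >> 4        # top 20 bits
        self.sas = "".join(ALPHABET[(bits >> (15 - 5 * i)) & 31] for i in range(4))
        return self.sas

def honest_call():
    alice, bob = Party(), Party()
    alice.finish(bob.pub)
    bob.finish(alice.pub)
    return alice, bob

def mitm_call():
    """Eve terminates two separate DH exchanges, one towards each victim."""
    alice, bob = Party(), Party()
    eve_a, eve_b = Party(), Party()          # Eve's keys facing Alice / Bob
    alice.finish(eve_a.pub)
    eve_a.finish(alice.pub)                  # Eve shares a key with Alice...
    bob.finish(eve_b.pub)
    eve_b.finish(bob.pub)                    # ...and a different one with Bob
    return alice, bob, eve_a, eve_b

def call_proceeds(displayed, heard, blocking):
    """SAS check as a UI policy. `heard` is the SAS the user hears the peer read
    out (the peer's own display value when nobody re-speaks it). blocking=False
    is variant a) (warn only); blocking=True is variant b) (must match)."""
    matches = displayed == heard
    return matches if blocking else True
```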
_______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
