On Sat 2015-02-28 13:28:06 +0100, Johan Wevers wrote: > In practice the Textsecure protocol works well of couyrse because it > uses the phone number. One usually knows that number already from a > contact. Most people I communicatw with often I even recognise by > voice alone - taking over the phone number is not going to work. I > don't see even the NSA breaking that.
We had this discussion recently over on [email protected]. It's far from "trivial", but breaking voice-based authentication (particularly in the already-noisy realm of mobile phone calls) with high probability doesn't seem to be beyond serious researchers. I recommend reading the thread and the referenced papers: http://moderncrypto.org/mail-archive/messaging/2015/001307.html --dkg _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
