-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is awesome! It's the mythical "ZRTP over an acoustic modem" problem. They have to do the key agreement by sending actual modem sounds as binary data. I spoke with someone working on a similar project last winter during the Eyebeam PRISM Breakup event. At least this project is identical to what I remember having a conversation about.
Sucks that RedPhone is used as the benchmark since they intercept calls to mislead the user into believing they made a secure call over the PSTN when in reality it's VoIP. - -lee On 8/20/14, 11:09 AM, Nathan of Guardian wrote: > > Interesting simple open hardware crypto voice device that uses > Codec2 now on Kickstarter: > https://www.kickstarter.com/projects/620001568/jackpair-safeguard-your-phone-conversation > > Good comments from Tom below.... > > > -------- Forwarded Message -------- Subject: [messaging] JackPair > Date: Wed, 20 Aug 2014 09:54:04 -0500 From: Tom Ritter > <[email protected]> To: Tony Arcieri <[email protected]> CC: messaging > <[email protected]> > > On 19 August 2014 23:15, Tony Arcieri <[email protected]> wrote: >> On Tue, Aug 19, 2014 at 9:09 PM, Arne Renkema-Padmos >> <[email protected]> wrote: >>> >>> About communication of the fingerprint over the phone: maybe >>> JackPair has some relevant insights? >>> >>> https://www.kickstarter.com/projects/620001568/jackpair-safeguard-your-phone-conversation >> >> >> >>> This has to be one of the worst ideas I've seen in recent history. > > Disagree :) > >> We start with a Smartphone completely ready to be a handset for >> an encrypted telephony app like RedPhone or Signal. > > Well, not always. Sometimes we start with a flip burner phone, or > a POTS line, or a device without a radio (iPod), etc. > >> Except we don't trust it or something? So we try to airgap an >> encryption key into a special purpose physical hardware. > > If you have a smartphone, you're right you probably do trust it. > But the ability to airgap onto dedicated hardware is desirable for > a small percentage of people. I don't know if it's enough to > support tremendous development in the area, but I would like to see > some excursions into it. > >> Both parties need the same device to communicate. That's a lot >> harder than an app... > > Harder is relative. Harder to distribute physically: yes. Harder > to use or understand: I'm not so certain. I would _love_ to see a > usability study of Signal, RedPhone, and this. > >> Except... if we don't trust our phone to do encryption, why are >> we using it to make encrypted phone calls? If we're making POTS >> calls, we're on a network that can triangulate our location > > I'm not sure why you're mixing content encryption with location > privacy. > >> , and if someone has compromised a Smartphone enough to get >> encryption keys, they can probably use your handset's microphone >> (or accelerometer) to figure out what you're saying. > > I have strong doubts about accelerometer-based audio pickup in > real-world settings. It sounds a lot like stunt hacking to me. If > one compromises a smartphone thoroughly, yes, you should be able > to exfiltrate plaintext audio through the handset mic. > > > I see JackPair as many things, all of which I want to encourage: a) > Open source encryption HARDWARE (I think...) b) Low-Cost (not as > low as I'd like, but still low) dedicated hardware devices c) With > hardcoded keys in a second-generation device, this becomes a > MITM-proof device that requires no key distribution: hand off the > device and key distribution is done d) Tackling 'legacy' cellular > and POTS networks head-on > > > -tom _______________________________________________ Messaging > mailing list [email protected] > https://moderncrypto.org/mailman/listinfo/messaging > > > _______________________________________________ Guardian-dev > mailing list > > Post: [email protected] List info: > https://lists.mayfirst.org/mailman/listinfo/guardian-dev > > To Unsubscribe Send email to: > [email protected] Or visit: > https://lists.mayfirst.org/mailman/options/guardian-dev/lee%40guardianproject.info > > You are subscribed as: [email protected] > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJT9bdDAAoJEKhL9IoSyjdlaREP/1OXhG2elFZQk2U6mV5T4V/o FIE7DgjArBaOt6nEz7y//FHzr23Dgal9bkhFiudlztjtjjbdz33rvb6MtCL2mEOe HUk/F9hQLsVtAPpsQWnywk/VPgyD4oEqHeIQzoh5UXWH64VKbAn4pvvKUN1tf12c s9mJkLB6ZtuAimMIIZdsYFbpwLF4vWlVIHkgbn6/OZQKtjkBt7zH0mbQT6erHsR/ oVrjdL2xnBj8gYpfdtZBTAGapPfFmZFX4i9pPtPta30N49jCUeK4pV5eO4cMBxYi ttOPqOYd7OOoXB5a/dYJQuk4cG94AIiabg0i795n5h3oyXxEfjjmmvTvy3oImrgq iChTlpzI3xXuInAWSail6jlwlbJibBbi3FpvHyFoM8nrO/DJIx7sOmdWtnWh7Mo5 l7a/ZKWKZYwXPwREJ085P6Cnw7v/1orIBHFa4lei2bI2V6o39MMkr+tugAeqkxl3 3+nA4aoWGJhLGasTkoWzaznE80gIQgPrJ3pKIat7l7CqJGz3cyJo+cuZnigBWLN1 gWhnnnH1L5pYvKk2CtCTpt7WbWRQ+T+/UIo33apa0zSP01pDfOdWZJ0mxC3fXHpa 10ZbNx+gn5XBHGyfZeLqSKQ0nqPEEp6Ddq8XICpIpIMhmcYH7PcxEu2x5wR6bsYq qToe0r2eEGOsrGu3gQNC =yzzQ -----END PGP SIGNATURE----- _______________________________________________ Guardian-dev mailing list Post: [email protected] List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To Unsubscribe Send email to: [email protected] Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/archive%40mail-archive.com You are subscribed as: [email protected]
