On Wed, Aug 27, 2014 at 05:23:20PM -0700, Brian Warner wrote:
> On 8/22/14, 5:50 PM, Andy Isaacson wrote:
> > It seems a little silly to me too, but I'm encouraged to see new
> > innovations in end user security systems, especially when they're not
> > trying to do something fundamentally impossible and seem to have a
> > reasonable grasp of what's required.
>
> Did anyone else get the sense that their "pairing code" is a truncated
> hash of the session key, and thus vulnerable to the MitM forcing the two
> session keys to achieve a partial collision of the codes?
>
> Sounds like a job for SAS[1] (Short Authenticated Strings). I haven't
> thought through it too far, but I think speaking and verifying an 8
> digit code (4 from each side) would reduce the MitM's chance of success
> down to 1-in-10k, no matter how much computation they spent trying for
> collisions. SAS is unidirectional, so I think both sides have to emit
> and compare a code (A->B + B->A), hence the 2x length requirement. But
> maybe 1x is enough.

AFAIK the "read a short code, nobody can fake your voice in realtime"
statement is no longer true against a state actor. There are COTS
systems fielded to do voice impersonation in realtime. The unnatural
action of "read some digits or a series of disconnected words" is nearly
perfectly tuned for ease of impersonation.

Research labs are showing success doing *video* impersonation in
realtime (for webcam quality), recording impersonation after-the-fact
for SD quality. Current research is shooting for HD quality
after-the-fact and SD quality in realtime.

(alas, no time to go dig up the references where I saw these. I think
the low-quality-video-impersonation was in a paper from MSR.)

-andy
_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging
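
Added example, not part of the original message or of the scheme under discussion: a simplified Python sketch of the commit-then-reveal idea behind a short authenticated string, with a simulation of how often a 4-digit code still matches when the two endpoints hold different peer keys. The function names, the hash construction and the random byte strings standing in for public keys are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

DIGITS = 4  # digits read aloud for one direction


def _h(label: bytes, *fields: bytes) -> bytes:
    """SHA-256 over length-prefixed fields, so field boundaries are unambiguous."""
    h = hashlib.sha256(label)
    for f in fields:
        h.update(len(f).to_bytes(2, "big") + f)
    return h.digest()


def commit(nonce: bytes, pubkey: bytes) -> bytes:
    """Commitment sent first; it fixes nonce and key before the peer replies."""
    return _h(b"commit", nonce, pubkey)


def opens(commitment: bytes, nonce: bytes, pubkey: bytes) -> bool:
    """Check the later reveal against the commitment received earlier."""
    return hmac.compare_digest(commitment, commit(nonce, pubkey))


def sas_code(key_a: bytes, key_b: bytes, nonce_a: bytes, nonce_b: bytes) -> str:
    """Short code over the keys and nonces this endpoint actually saw."""
    n = int.from_bytes(_h(b"sas", key_a, key_b, nonce_a, nonce_b)[:8], "big")
    return f"{n % 10**DIGITS:0{DIGITS}d}"


def honest_exchange():
    """A commits, B answers with a fresh nonce, A reveals; returns both codes."""
    # Constructed stand-ins for the two public keys.
    key_a, key_b = secrets.token_bytes(32), secrets.token_bytes(32)
    nonce_a = secrets.token_bytes(16)
    c = commit(nonce_a, key_a)           # A -> B: commitment only
    nonce_b = secrets.token_bytes(16)    # B -> A: chosen without knowing nonce_a
    if not opens(c, nonce_a, key_a):     # A -> B: reveal, checked by B
        raise ValueError("reveal does not match commitment")
    code = sas_code(key_a, key_b, nonce_a, nonce_b)
    return code, sas_code(key_a, key_b, nonce_a, nonce_b)


def substituted_key_match_rate(trials: int) -> float:
    """Fraction of runs where the codes agree although each side saw a different
    peer key. Nonces are random here; in the exchange it is the commitment that
    keeps them from being re-chosen after the peer's nonce is known."""
    hits = 0
    for _ in range(trials):
        ka, kb, km = (secrets.token_bytes(32) for _ in range(3))
        na, nb = secrets.token_bytes(16), secrets.token_bytes(16)
        hits += sas_code(ka, km, na, nb) == sas_code(km, kb, na, nb)
    return hits / trials
```

With 4 digits the expected match rate for mismatched keys is about 1 in 10,000 per run, independent of how the short code is compared (spoken, typed or displayed).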
