Philip Zimmermann wrote in 1996 (PGPfone Owner’s Manual): "There is still one difficult ploy that Eve can do to pull off the attack anyway. She can imitate Bob’s voice to Alice, and Alice’s voice to Bob, reading a different authentication word sequence to each of them. I call this the “Rich Little” attack (named after a voice impersonator who did a really great Dick Nixon). This is a daring attack -- meaning there is a high risk of the attack being detected."
Professional actor is much cheaper and more real for mounting MitM in real time, given the distortions introduced by the codec. Last year I worked on deniable voice authentication for Session Initiation of the Axolotl-like email protocol without using PKI, but declined due to insecurity. The idea is in document: http://torfone.org/download/auth.pdf Van Gegel _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
