Re: [cryptography] Introducing SC4 -- feedback appreciated
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, what problem of traditional PGP implementations did you solve? * Looks like key exchange problem is still present (sent by mail) * Any key authentication? I don't see any verification or certification model. Regards Dominik On 04/17/2015 08:21 PM, stef wrote: ohio, On Fri, Apr 17, 2015 at 10:56:01AM -0700, Ron Garret wrote: 1. It is a standalone web application. putting keys in the browser is like putting keys in front of a dmz. browsers are not designed for this, they are designed for delivering impressions and services to you. the security features you find in any browser are there to secure the revenue-stream of some companies, not for the protection of the interests of its users. (same goes for phones), the tool might be good (haven't checked), but the foundation it's built on is sand. you want to isolate your keys, current end-host security does not provide much protection against some malware in case recovery of your keys becomes a priority. you also want to make sure the code running is authentic, with js delivered over the net this is quite hard to do verifiably (again, not your protection, industry revenues are the thing to protect). cheers,s ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.19 (GNU/Linux) iQEcBAEBAgAGBQJVMVCNAAoJEHGMBwEAASKCdd0IAIP0zgu/GcT8V3RqjPGDqJ+K aoX2dneLwuPtYmCvoRRkv3iiCoc/XdefktJsF7bMKo4k1cnpq3+Y1mUa4kHG6PjK sBL5o0Jj9xKH3hTol18ownZB1oCZuKIsJB83+RdndjZdvdPqTl3mHldUkRWtyS6n sC7RM9THBHNRvBCWntYyolY0wsdpO61Aagq60joEeoQWM4Yb2l4hmLp10CTm6EJU 66SJoJkDR/VGCJHbFKUSHfJEsOPTyltbxUXR5hpvR+DpPPHO0l/e2uHzdQ3xLiKC jSi+GfQbCYoZIBc5Hzl0rmJjECP7Mg+LEts4aV66s3zpRjaDfe4Won1sUvFxU9M= =nwNR -END PGP SIGNATURE- ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] Silent Circle Takes on Phones, Skype, Telecoms
On 07/11/2014 04:23 PM, StealthMonger wrote: While I'm interested in how they're doing that, I'm far more interested in how Ann convinces Bob that she is Ann, and Bob convinces Ann that he is Bob. We left the OpenPGP/cert building a long time ago, we need more than just 1980s PKI ideas with elegant proofs. Note there's a philosophical issue here. A very good actress could convince Bob that she's Ann no matter how high the bandwidth of their communication, such as intimate body contact. Besides getting the timing of your MitM right, attacking ZRTP requires to mimic _both_ persons' voice. So you need (at best) more than one Eve that mimic Bob and Alice at the right time by speaking out some words displayed on the phones. I am leaving out all the details of Hash Commitments before ZRTP's DH etc, because they are not relevant here. There is a new somewhat related paper presented here on SOUPS about mimicing voice: https://www.usenix.org/system/files/conference/soups2014/soups14-paper-panjwani.pdf The next question here is how the implementation handles that verification. Does the implementation a) ask to cancel the call if something seems wrong or b) does it prevent you from proceeding by asking you is the spoken word equals the displayed and sounds the voice like Bob? yes/no. I don't know of any app that implements b), but I haven't tested SilentCircle's apps. I personally think that people will _not_ cancel the application without being explicitly ask to do so, even when the words do not sound like being said by your friend Bob. Conclusively, I think ZRTP is a nice approach, but thinking of your average Jonny: He will not cancel the conversation just because the voice sounds strange (only when the verification words were spoken, maybe the voice quality was just bad...) Regards Dominik signature.asc Description: OpenPGP digital signature ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography