strength of voice authentication [was: Re: German ct magazine postulates death of pgp encryption]
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Sat Feb 28 15:09:39 CET 2015
On Sat 2015-02-28 13:28:06 +0100, Johan Wevers wrote:
> In practice the Textsecure protocol works well of couyrse because it
> uses the phone number. One usually knows that number already from a
> contact. Most people I communicatw with often I even recognise by
> voice alone - taking over the phone number is not going to work. I
> don't see even the NSA breaking that.
We had this discussion recently over on messaging at moderncrypto.org.
It's far from "trivial", but breaking voice-based authentication
(particularly in the already-noisy realm of mobile phone calls) with
high probability doesn't seem to be beyond serious researchers.
I recommend reading the thread and the referenced papers:
http://moderncrypto.org/mail-archive/messaging/2015/001307.html
--dkg
More information about the Gnupg-users
mailing list