strength of voice authentication [was: Re: German ct magazine postulates death of pgp encryption]

Daniel Kahn Gillmor dkg at
Sat Feb 28 15:09:39 CET 2015

On Sat 2015-02-28 13:28:06 +0100, Johan Wevers wrote:

> In practice the Textsecure protocol works well of couyrse because it
> uses the phone number. One usually knows that number already from a
> contact. Most people I communicatw with often I even recognise by
> voice alone - taking over the phone number is not going to work. I
> don't see even the NSA breaking that.

We had this discussion recently over on messaging at
It's far from "trivial", but breaking voice-based authentication
(particularly in the already-noisy realm of mobile phone calls) with
high probability doesn't seem to be beyond serious researchers.

I recommend reading the thread and the referenced papers:


More information about the Gnupg-users mailing list