German ct magazine postulates death of pgp encryption

Christoph Anton Mitterer calestyo at scientia.net
Sat Feb 28 18:21:04 CET 2015


On Sat, 2015-02-28 at 13:28 +0100, Johan Wevers wrote: 
> In practice the Textsecure protocol works well of couyrse because it
> uses the phone number.
"In practise"... I guess that's also what most "normal" people believed
about their security before Snowden.

And a phone number is really no secure credential at all to prove one's
identity. o.O


> Most people I communicatw with often I even recognise by voice
> alone
Not sure what you refer to,... but if it's authentication schemes like
ZRTP (which TextSecure wouldn't use)... I'm quite sceptical about these.
The idea behind them (authentication via voice and some random string
which the peers say to each other and compare) may sound nice at a first
glance,... but little is known how good (or not) powerful organisations
can real-time fake voices. And even if not, how difficult can it be for
an organisation like the NSA to spy on you for a while and record enough
of your voice and then do a MitM?

> taking over the phone number is not going to work. I don't see
> even the NSA breaking that.
You seem to have missed all the years long discussion about how easy it
is to hack mobile systems? Even for novice criminals, etc.?
And this even assumes that everything in between (network operator,
phone manufacturer, OS manufacturer) is actually not evil, which is
unlikely as well.


Cheers,
Chris.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5313 bytes
Desc: not available
URL: </pipermail/attachments/20150228/e14164a2/attachment.bin>


More information about the Gnupg-users mailing list