strength of voice authentication [was: Re: German ct magazine postulates death of pgp encryption]

Johan Wevers johanw at
Sat Feb 28 18:54:21 CET 2015

On 28-02-2015 15:09, Daniel Kahn Gillmor wrote:

> We had this discussion recently over on messaging at

What is described there is a much more confined problem.

> It's far from "trivial", but breaking voice-based authentication
> (particularly in the already-noisy realm of mobile phone calls) with
> high probability doesn't seem to be beyond serious researchers.

Fooling a computer that a certain voice belongs to someone else, sure,
I'm sure that is or will be possible. Fooling me that a short, fixed
string is spoken by someone I know when in fact it is not, sure, that too.

But fooling me that the person on the other end of the line is someone I
know well by only technically impersonating his voice while having an
actual conversation... I don't believe it very likely to happen in the
near future. Perhaps it could work on someone I barely know, but pick
only once the wrong person and I might become very suspicious. It
requires not only changing the voice but also solving a problem much
harder than the classic Turing test. For once, it requires much
contextual knowledge about what both persons know of each other.

ir. J.C.A. Wevers
PGP/GPG public keys at

More information about the Gnupg-users mailing list