German ct magazine postulates death of pgp encryption

Christoph Anton Mitterer calestyo at scientia.net
Sat Feb 28 19:17:56 CET 2015 

On Sat, 2015-02-28 at 19:01 +0100, Johan Wevers wrote: 
> No it's not, it is much simpler. When I call my wife and are in fact
> connected with a computer or agent impersonating her, they are unlikely
> being able to copy her voice so good that I don't hear it.
I guess you've missed some developments in research here (see Daniel's
post) - and this is just the publicly known research.


> And even if
> they are, I think it's very unprobable they would be able to fool me due
> to them missing context.
They don't need to know any content. And they don't need to fake her all
the time.

When "they" MitM you, they just need to wait for the time when you'd
actually to mutual authentication via saying some "code" or whatever the
ZRTP implementation gives you.
Only then they need to mute the real "her" and let the faked "her" say
the code for their (evil) DH connection with you - and vice versa.

I'm not sure what the most recent ZRTP implementations do... but is it
more than numbers, letters or simple words?
Nothing one couldn't fake or perhaps pre-record somewhere in the real
world.

Of course they might still not be able to imposture her completely - in
the sense that "she" tells you to send all your savings via PayPal to
calestyo at scientia.net (which would be surely a good idea ;-) ) - But
it's enough for them to eavesdrop.


> And even if it would be possible, it would require so much manpower to
> make it unusable for mass surveilance. It would probably only be used
> against very high-priority targets of the caliber Bin Laden.
btw: I don't think that GnuPG's only intent is to fight against mass
surveillance.
I mean mass surveillance *is* of course a problem - but at least none
that will usually have any directly measurable negative effect on the
victim (again I'm not talking about the negative effect on his liberties
here).
The NSA has definitely read most of my mails (as they go to public lists
^^) but since I'm no criminal, neither someone like Snowden, Greenwald
or Assange - they simply don't care about me.

But such people or Iranian dissidents and that like ... probably want
some system which not only protects them against mass surveillance but
also gives them at least the best possible safety against dedicated
surveillance of single targets.


Cheers,
Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5313 bytes
Desc: not available
URL: </pipermail/attachments/20150228/1c6af60e/attachment.bin>

More information about the Gnupg-users mailing list