[cryptography] Silent Circle Takes on Phones, Skype, Telecoms

Michael Rogers michael at briarproject.org
Fri Jul 11 06:59:29 EDT 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 11/07/14 11:27, James A. Donald wrote:
> On 2014-07-11 07:45, Kevin wrote:
>> On 7/10/2014 4:39 PM, John Young wrote:
>>> https://blog.silentcircle.com/why-are-we-competing-with-phone-makers-skype-and-telecom-carriers-all-in-the-same-week/
>>>
>
>>> 
> With silent circle, when Ann talks to Bob, does Ann get Bob's
> public key from silent circle, and Bob get Ann's public key from
> silent circle.

For phone calls they use ZRTP, so Ann and Bob can verbally compare
short authentication strings after the key exchange to detect a MITM,
*if* they know each other's voices and their voices can't be faked.
ZRTP carries keying material forward from one session to another so it
isn't necessary to do this every time.

For messaging it's the same, except the verbal confirmation happens
out-of-band. The protocol spec seems to have been taken offline
recently, but it's archived here:

https://web.archive.org/web/20140125121552/https://silentcircle.com/static/download/SCIMP%20paper.pdf

Cheers,
Michael
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBCAAGBQJTv8ORAAoJEBEET9GfxSfMZmoH/1ip9AmkhY+bVLtgpgYTOjrp
SRSgFIzaeGocGnMyBz1cgcxOaDOSNOATc8IpbhSVvmJue1VD43VlCv6Fvdwe0pid
nOBX/ZMY35hlil9Kte/STcDQDt6E3AYiaFlIXXVyU7y/35K2J6629fixPJc5yPVB
rHy1ew0HqvQFWfiztYK/fxptuWu81UAh9HIL3A9j1/N0eX1EpaKBgUFWRTzD/4Id
XSckanVjQ34JTJNuC0UbLXY7sz8ljSeFI3dGQQEFliODYNhy5eWn7JkL9oOj26AM
KcSdAp85KF6f7rRE36QC5NroS9iiDWzgcXLOy/cHgmH3uODWOA70vy1GxjYbhxQ=
=uakY
-----END PGP SIGNATURE-----


More information about the cryptography mailing list