[cryptography] Silent Circle Takes on Phones, Skype, Telecoms
michael at briarproject.org
Fri Jul 11 06:59:29 EDT 2014
-----BEGIN PGP SIGNED MESSAGE-----
On 11/07/14 11:27, James A. Donald wrote:
> On 2014-07-11 07:45, Kevin wrote:
>> On 7/10/2014 4:39 PM, John Young wrote:
> With silent circle, when Ann talks to Bob, does Ann get Bob's
> public key from silent circle, and Bob get Ann's public key from
> silent circle.
For phone calls they use ZRTP, so Ann and Bob can verbally compare
short authentication strings after the key exchange to detect a MITM,
*if* they know each other's voices and their voices can't be faked.
ZRTP carries keying material forward from one session to another so it
isn't necessary to do this every time.
For messaging it's the same, except the verbal confirmation happens
out-of-band. The protocol spec seems to have been taken offline
recently, but it's archived here:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the cryptography