[cryptography] Silent Circle Takes on Phones, Skype, Telecoms

James A. Donald jamesd at echeque.com
Fri Jul 11 07:59:47 EDT 2014


On 2014-07-11 20:59, Michael Rogers wrote:
> For phone calls they use ZRTP, so Ann and Bob can verbally compare
> short authentication strings after the key exchange to detect a MITM,
> *if* they know each other's voices and their voices can't be faked.
> ZRTP carries keying material forward from one session to another so it
> isn't necessary to do this every time.
>
> For messaging it's the same, except the verbal confirmation happens
> out-of-band. The protocol spec seems to have been taken offline
> recently, but it's archived here:
>
> https://web.archive.org/web/20140125121552/https://silentcircle.com/static/download/SCIMP%20paper.pdf

If it takes more than one click, end users are not going to do it.




More information about the cryptography mailing list