<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Tue, Aug 19, 2014 at 9:09 PM, Arne Renkema-Padmos <span dir="ltr"><<a href="mailto:renkema.padmos@gmail.com" target="_blank" onclick="window.open('https://mail.google.com/mail/?view=cm&tf=1&to=renkema.padmos@gmail.com&cc=&bcc=&su=&body=','_blank');return false;">renkema.padmos@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">About communication of the fingerprint over the phone: maybe JackPair<br>
has some relevant insights?<br>
<a href="https://www.kickstarter.com/projects/620001568/jackpair-safeguard-your-phone-conversation" target="_blank">https://www.kickstarter.com/projects/620001568/jackpair-safeguard-your-phone-conversation</a></blockquote>
<div><br></div><div>This has to be one of the worst ideas I've seen in recent history.</div><div><br></div><div>We start with a Smartphone completely ready to be a handset for an encrypted telephony app like RedPhone or Signal.</div>
<div><br></div><div>Except we don't trust it or something? So we try to airgap an encryption key into a special purpose physical hardware. Both parties need the same device to communicate. That's a lot harder than an app...</div>
<div><br></div><div>Except... if we don't trust our phone to do encryption, why are we using it to make encrypted phone calls? If we're making POTS calls, we're on a network that can triangulate our location, and if someone has compromised a Smartphone enough to get encryption keys, they can probably use your handset's microphone (or accelerometer) to figure out what you're saying.</div>
<div><br></div><div>Silly...</div></div><div><br></div>-- <br>Tony Arcieri<br>
</div></div>