[messaging] Short Auth Strings
Tony Arcieri
bascule at gmail.com
Fri Jan 31 14:23:27 PST 2014
On Fri, Jan 31, 2014 at 11:17 AM, Daniel Kahn Gillmor <dkg at fifthhorseman.net
> wrote:
> On 01/31/2014 12:24 PM, Trevor Perrin wrote:
> > In practice, SAS are mostly used by phone
> > protocols, since users can speak the SAS to each other (assuming voice
> > impersonation is hard).
>
> Do we have backing for the assumption that "voice impersonation is
> hard"?
My VOICE is my PASSPORT verify ME? ;)
> This assumption seems like the Achilles heel of these schemes,
> and i wonder how much work has been done to test it.
>
What about simultaneous video and voice impersonation?
Indeed, Wikipedia suggests that the NSA has built systems to attack this
> problem 8 years ago
If your threat model includes Nation State Adversaries, I think all bets
are off...
--
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140131/73f2b736/attachment.html>
More information about the Messaging
mailing list