[messaging] Short Auth Strings

Tony Arcieri bascule at gmail.com
Fri Jan 31 14:23:27 PST 2014

On Fri, Jan 31, 2014 at 11:17 AM, Daniel Kahn Gillmor <dkg at fifthhorseman.net
> wrote:

> On 01/31/2014 12:24 PM, Trevor Perrin wrote:
> > In practice, SAS are mostly used by phone
> > protocols, since users can speak the SAS to each other (assuming voice
> > impersonation is hard).
> Do we have backing for the assumption that "voice impersonation is
> hard"?

My VOICE is my PASSPORT verify ME? ;)

> This assumption seems like the Achilles heel of these schemes,
> and i wonder how much work has been done to test it.

What about simultaneous video and voice impersonation?

Indeed, Wikipedia suggests that the NSA has built systems to attack this
> problem 8 years ago

If your threat model includes Nation State Adversaries, I think all bets
are off...

Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140131/73f2b736/attachment.html>

More information about the Messaging mailing list