[messaging] Audible public-key fingerprints
bascule at gmail.com
Tue Aug 19 21:15:14 PDT 2014
On Tue, Aug 19, 2014 at 9:09 PM, Arne Renkema-Padmos <renkema.padmos at gmail.com> wrote:
> About communication of the fingerprint over the phone: maybe JackPair
> has some relevant insights?

This has to be one of the worst ideas I've seen in recent history.

We start with a Smartphone completely ready to be a handset for an
encrypted telephony app like RedPhone or Signal.

Except we don't trust it or something? So we try to airgap an encryption
key into special-purpose physical hardware. Both parties need the same
device to communicate. That's a lot harder than an app...

Except... if we don't trust our phone to do encryption, why are we using it
to make encrypted phone calls? If we're making POTS calls, we're on a
network that can triangulate our location, and if someone has compromised a
Smartphone enough to get encryption keys, they can probably use your
handset's microphone (or accelerometer) to figure out what you're saying.