[messaging] JackPair

Andy Isaacson adi at hexapodia.org
Wed Aug 27 17:33:03 PDT 2014


On Wed, Aug 27, 2014 at 05:23:20PM -0700, Brian Warner wrote:
> On 8/22/14, 5:50 PM, Andy Isaacson wrote:
> > It seems a little silly to me too, but I'm encouraged to see new
> > innovations in end user security systems, especially when they're not
> > trying to do something fundamentally impossible and seem to have a
> > reasonable grasp of what's required.
> 
> Did anyone else get the sense that their "pairing code" is a truncated
> hash of the session key, and thus vulnerable to the MitM forcing the two
> session keys to achieve a partial collision of the codes?
> 
> Sounds like a job for SAS[1] (Short Authenticated Strings). I haven't
> thought through it too far, but I think speaking and verifying an 8
> digit code (4 from each side) would reduce the MitM's chance of success
> down to 1-in-10k, no matter how much computation they spent trying for
> collisions. SAS is unidirectional, so I think both sides have to emit
> and compare a code (A->B + B->A), hence the 2x length requirement. But
> maybe 1x is enough.

AFAIK the "read a short code, nobody can fake your voice in realtime"
statement is no longer true against a state actor.  There are COTS
systems fielded to do voice impersonation in realtime.  The unnatural
action of "read some digits or a series of disconnected words" is nearly
perfectly tuned for ease of impersonation.

Research labs are showing success doing *video* impersonation in
realtime (for webcam quality), recording impersonation after-the-fact
for SD quality.  Current research is shooting for HD quality
after-the-fact and SD quality in realtime.

(alas, no time to go dig up the references where I saw these.  I think
the low-quality-video-impersonation was in a paper from MSR.)

-andy


More information about the Messaging mailing list