[messaging] Pour one out for "voice authentication"

[Jeff Burdges]

On 4 Jan 2015, at 0:10, Joseph Bonneau <jbonneau at gmail.com> wrote:
> Jeff is proposing a more complex channel where the information is buried in a long sequence of text. The hope here is that NLP is still sufficiently poor that this channel is AI-hard to replicate.

I’d voice in mind actually, well authentication is provided by voice and video in SAS protocols.  An attacker who can do full impersonation can key up their MITM attack with both parties asynchronously, maybe that’s what you said later.  

> This is an interesting idea, reminds me of "The Dining Freemasons" paper [2].

Thanks for the reading assignment!  ;)


Actually, a much better approach to SAS is : 
- Establish a text(x) function that uniquely determines a text from the session information x.  Text(x) could generate a sentence or two, a dialog, a poem, etc., or maybe even select some famous quotations.  
- Alice and Bob’s devices ask them to verbally compare text(x), discuss how it might be relevant to their conversation, and ideally refer back to it later in their conversation. 

If one used quotations, the unix fortune database has about 15k entries, not all of which are suitable, but wikiquote has like 12k english languages pages, each with multiple quotes.  And wikiquote has 100k pages across all languages.  You could even rotate quotations periodically throughout the conversation as your protocol’s ratchet progressed.  An AI who could keep up with that is pretty impressive, but quotes are entertaining enough that people might discuss them. 

Jeff