[messaging] Pour one out for "voice authentication"

Van Gegel torfone at ukr.net
Mon Jan 5 01:07:32 PST 2015


Philip Zimmermann wrote in 1996 (PGPfone Owner’s Manual):

"There is still one difficult ploy that Eve can do to pull off the attack anyway.  She can imitate Bob’s voice to Alice, and Alice’s voice to Bob, reading a different authentication word sequence to each of them.  I call this the “Rich Little” attack (named after a voice impersonator who did a really great Dick Nixon).  This is a daring attack -- meaning there is a high risk of the attack being detected."

A professional actor is much cheaper and more real for mounting a MitM in real time, given the distortions introduced by the codec.

Last year I worked on deniable voice authentication for Session Initiation of the Axolotl-like email protocol without using PKI, but declined due to insecurity. The idea is in this document:
http://torfone.org/download/auth.pdf

Van Gegel

