[messaging] Viber's New End-to-End Authentication
wasabee18 at gmail.com
Sat Apr 23 00:08:44 PDT 2016
This may be the paper "Wiretapping via Mimicry: Short Voice Imitation
Man-in-the-Middle Attacks on Crypto Phones".
On Sat, Apr 23, 2016 at 6:10 AM, Ben Laurie <ben at links.org> wrote:
> On 20 April 2016 at 17:54, Michael Farb <mwfarb at cmu.edu> wrote:
> > Does anyone know about the end to end messaging protocol used by Viber in
> > the release they announced yesterday? I believe it’s closed source, but
> > be curious to know if they have posted the general protocol anywhere.
> > not found anything yet. I’m curious to know if it’s based on the ratchet
> > used for Signal or not.
> > What I really like is the improved UX for authentication I’ve not seen
> > They use their own real-time channel (voice) to guide the user through
> > fingerprint readout. Now, real-time channels are available through many
> > tools, but I think this is the first time I’ve seen a text messaging
> > do this (ZRTP in video calls and voice calls notwithstanding).
> I can't find it right now, but there was a paper in the last year or
> so about attacking voice channels for fingerprinting by using a mitm
> with voice synthesis. Apparently it works pretty well.
> > What I’d like to see next: A way to prevent accepting the fingerprint
> > without reading it similar to SafeSlinger, with perhaps a shorter hash to
> > confirm.
> > Cheers,
> > Mike
> > Michael W. Farb
> > Research Programmer, Carnegie Mellon University CyLab
> > www.cylab.cmu.edu/safeslinger