Zfone and ZRTP :: encryption for voip protocols
Damien Miller
djm at mindrot.org
Fri Mar 17 00:19:09 EST 2006
On Wed, 15 Mar 2006, Ed Gerck wrote:
> cybergio wrote:
> >
> > Zfone :: http://www.philzimmermann.com/EN/zfone/index.html
>
> "...it achieves security without reliance on a PKI, key certification,
> trust models, certificate authorities, or key management..."
>
> Good. But, uf course, there's a trust model and you need to rely on it.
Points to them for making it explicit.
> "...allows the detection of man-in-the-middle (MiTM) attacks by
> displaying a short authentication string for the users to read and
> compare over the phone."
>
> Depends on the trust model. May not work.
This is incomplete. The paragraph goes on to say:
> we still get fairly decent authentication against a MiTM attack, based
> on a form of key continuity. It does this by caching some key material
> to use in the next call, to be mixed in with the next call's DH shared
> secret, giving it key continuity properties analogous to SSH.
The SSH trust model has certainly proved itself as useful, and is
probably perfectly appropriate for semi-adhoc telephony where voice
nuance offers an additional means of detecting phonies (pun!).
The screenshot on that page seems to indicate only three [a-z0-9]
characters form the "key fingerprint". My first impression was that
this was insufficient, but it is probably a good tradeoff. It is
short enough that people will actually use it, and an attacker might
only get a couple of tries of getting it wrong (in a 2^15 bit space)
before a human would be very suspicious.
-d
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list