>Why is this hard to fake at all? You send a different fax to your >system, and replace the Asterisk audio file with the one from the >altered fax. Additionally, the client has no realistic way of >verifying the correctness of your audio-to-fax translation tool; it >could just as easily output a TIFF file completely different from the >one that was actually faxed.
That's interesting, I hadn't thought of it that way. I was thinking in terms of subtly modifying the original audio stream not outright replacing the recording and faking the datestamp! Given that, essentially recording the audio is the *same* as retaining the TIFF in terms of integrity vulnerability. How about this: (theoretical of course) 1. Fax comes in 2. Audio is recorded 3. A checksum of the audio is generated then relayed somehow to a seperate, secure system 4. In the event of a dispute, the checksum is retrieved, compared with the original audio file, then the original audio is "replayed" and the fax is regenerated. The 3. part I leave as an exercise for the reader. _______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users