On Sat, 2015-02-28 at 13:28 +0100, Johan Wevers wrote: > In practice the Textsecure protocol works well of couyrse because it > uses the phone number. "In practise"... I guess that's also what most "normal" people believed about their security before Snowden.
And a phone number is really no secure credential at all to prove one's identity. o.O > Most people I communicatw with often I even recognise by voice > alone Not sure what you refer to,... but if it's authentication schemes like ZRTP (which TextSecure wouldn't use)... I'm quite sceptical about these. The idea behind them (authentication via voice and some random string which the peers say to each other and compare) may sound nice at a first glance,... but little is known how good (or not) powerful organisations can real-time fake voices. And even if not, how difficult can it be for an organisation like the NSA to spy on you for a while and record enough of your voice and then do a MitM? > taking over the phone number is not going to work. I don't see > even the NSA breaking that. You seem to have missed all the years long discussion about how easy it is to hack mobile systems? Even for novice criminals, etc.? And this even assumes that everything in between (network operator, phone manufacturer, OS manufacturer) is actually not evil, which is unlikely as well. Cheers, Chris.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users