On Sat, 2015-02-28 at 19:01 +0100, Johan Wevers wrote: > No it's not, it is much simpler. When I call my wife and are in fact > connected with a computer or agent impersonating her, they are unlikely > being able to copy her voice so good that I don't hear it. I guess you've missed some developments in research here (see Daniel's post) - and this is just the publicly known research.
> And even if > they are, I think it's very unprobable they would be able to fool me due > to them missing context. They don't need to know any content. And they don't need to fake her all the time. When "they" MitM you, they just need to wait for the time when you'd actually to mutual authentication via saying some "code" or whatever the ZRTP implementation gives you. Only then they need to mute the real "her" and let the faked "her" say the code for their (evil) DH connection with you - and vice versa. I'm not sure what the most recent ZRTP implementations do... but is it more than numbers, letters or simple words? Nothing one couldn't fake or perhaps pre-record somewhere in the real world. Of course they might still not be able to imposture her completely - in the sense that "she" tells you to send all your savings via PayPal to cales...@scientia.net (which would be surely a good idea ;-) ) - But it's enough for them to eavesdrop. > And even if it would be possible, it would require so much manpower to > make it unusable for mass surveilance. It would probably only be used > against very high-priority targets of the caliber Bin Laden. btw: I don't think that GnuPG's only intent is to fight against mass surveillance. I mean mass surveillance *is* of course a problem - but at least none that will usually have any directly measurable negative effect on the victim (again I'm not talking about the negative effect on his liberties here). The NSA has definitely read most of my mails (as they go to public lists ^^) but since I'm no criminal, neither someone like Snowden, Greenwald or Assange - they simply don't care about me. But such people or Iranian dissidents and that like ... probably want some system which not only protects them against mass surveillance but also gives them at least the best possible safety against dedicated surveillance of single targets. Cheers, Chris.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users