On Fri, Jan 31, 2014 at 11:17 AM, Daniel Kahn Gillmor <[email protected] > wrote:
> On 01/31/2014 12:24 PM, Trevor Perrin wrote: > > In practice, SAS are mostly used by phone > > protocols, since users can speak the SAS to each other (assuming voice > > impersonation is hard). > > Do we have backing for the assumption that "voice impersonation is > hard"? My VOICE is my PASSPORT verify ME? ;) > This assumption seems like the Achilles heel of these schemes, > and i wonder how much work has been done to test it. > What about simultaneous video and voice impersonation? Indeed, Wikipedia suggests that the NSA has built systems to attack this > problem 8 years ago If your threat model includes Nation State Adversaries, I think all bets are off... -- Tony Arcieri
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
