On 20 April 2016 at 17:54, Michael Farb <[email protected]> wrote: > Does anyone know about the end to end messaging protocol used by Viber in > the release they announced yesterday? I believe it’s closed source, but I’d > be curious to know if they have posted the general protocol anywhere. I’ve > not found anything yet. I’m curious to know if it’s based on the ratchet > used for Signal or not. > > https://support.viber.com/customer/portal/articles/2017401-viber-security-faq > > What I really like is the improved UX for authentication I’ve not seen yet. > They use their own real-time channel (voice) to guide the user through the > fingerprint readout. Now, real-time channels are available through many > tools, but I think this is the first time I’ve seen a text messaging service > do this (ZRTP in video calls and voice calls notwithstanding).
I can't find it right now, but there was a paper in the last year or so about attacking voice channels for fingerprinting by using a mitm with voice synthesis. Apparently it works pretty well. > > What I’d like to see next: A way to prevent accepting the fingerprint > without reading it similar to SafeSlinger, with perhaps a shorter hash to > confirm. > > Cheers, > Mike > > Michael W. Farb > Research Programmer, Carnegie Mellon University CyLab > www.cylab.cmu.edu/safeslinger > > _______________________________________________ > Messaging mailing list > [email protected] > https://moderncrypto.org/mailman/listinfo/messaging > _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
