On 15/02/13 23:27, Peter Lawler wrote:
I'm semi-committed to hacking on this with one of the more prolific
Pidgin plugin authors over the next few months. One thing I had already
though about would be investigating along the way would be how OTR could
hook in to this as well. However as I'm at about the same stage with
that as I was last night with my thought bubble. In deference to the
list, I've renamed this thread to look a bit more broadly at encrypting
voice/video somehow.
Ok then, just a general thought or two - I don't know whether CODEC2 is
rate-adaptive, but rate-adaptive codecs are a cryptographic no-no. It
may be possible to reconstruct the words from the rate patterns, see eg:
http://www.cs.unc.edu/~fabian/papers/foniks-oak11.pdf
If not words then eg sentence structure may be discernable, or
sufficient phrasing timing to identify an individual, even through the
crypto.
Also, encrypted broadcast radio and voice chatting have different
requirements for codecs - in broadcast radio there is no requirement for
low latency so a guaranteed-delivery transport layer like TCP can be
used, whereas low-latency is essential in voice chatting and it is
usually necessary to use a fast non-guaranteed protocol like UDP.
This affects the actual crypto used, as in the latter case the crypto
has to be able to cope with dropped packets. In the high-latency case it
may be better to die quietly if the entire stream cannot be
reconstructed, as an active attacker might be able to erase an
occasional "not".
That said, I don't see any fundamental reason why OTR's key exchange etc
mechanisms (as I understand them - I am a bit out-of-date) could not be
reused for chat or broadcast voice.
-- Peter Fairbrother
_______________________________________________
OTR-dev mailing list
[email protected]
http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
