
Eric,

I think you can make a stronger statement. With your phone, once you exchange the hash you have good assurance that you have a private conversation with the person whose voice you hear. How you determine that that is the person you think it is/should be is a different problem.

As for proving lack of an eavesdropper, you would also need to establish that the person's earpiece wasn't bugged, the person didn't record the conversation to hand to someone else, ....

For my purposes, the authentication is secure enough that I'm very pleased. The voice quality is good enough that I can recognize friends -- and if I'm calling a stranger, then the MITM is a moot point. That is, if I'm calling a stranger named Bob, there is no way for me to tell the difference between:

    Carl -- Eve -- Bob

and

    Carl -- Bob -- Eve

since both Bob and Eve are strangers to me and I don't know Bob well enough to rule out case 2.

 - Carl

+------------------------------------------------------------------------+
|Carl M. Ellison  cme@acm.org     http://www.clark.net/pub/cme           |
|PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2|
| "Officer, officer, arrest that man! He's whistling a dirty song."      |
+-------------------------------------------- Jean Ellison (aka Mother) -+