Secure phone
Carl M. Ellison
cme at acm.org
Wed Oct 8 21:10:47 PDT 1997
Eric,
I think you can make a stronger statement.
With your phone, once you exchange the hash you have good assurance
that you have a private conversation with the person whose voice you hear.
How you determine that that is the person you think it is/should be
is a different problem.
As for proving lack of an eavesdropper, you would also need to
establish that the person's earpiece wasn't bugged, the person didn't
record the conversation to hand to someone else, ....
For my purposes, the authentication is secure enough that I'm very
pleased. The voice quality is good enough that I can recognize friends --
and if I'm calling a stranger, then the MITM is a moot point. That is, if
I'm calling a stranger named Bob, there is no way for me to tell the
difference between:
Carl -- Eve -- Bob
and
Carl -- Bob -- Eve
since both Bob and Eve are strangers to me and I don't know Bob well enough
to rule out case 2.
- Carl
+------------------------------------------------------------------------+
|Carl M. Ellison cme at acm.org http://www.clark.net/pub/cme |
|PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2|
| "Officer, officer, arrest that man! He's whistling a dirty song." |
+-------------------------------------------- Jean Ellison (aka Mother) -+
More information about the cypherpunks-legacy
mailing list