ZRTP key continuity check removed from Signal/RedPhone #44

Open
xmikos opened this issue Oct 9, 2015 · 6 comments

xmikos commented Oct 9, 2015

One of the key security features of ZRTP encrypted phone calls - key continuity - was removed from RedPhone when it was integrated into Signal. See this issue for more info:

#4226: No warning when getting a call from contact with new key

Moxie closed it without explaining why it has been removed (with a simple "yes you have to verify the sas every time").

Would you agree to reimplement it (well, it seems to be only commented out in the code, so it shouldn't be that hard) in your WebSocket fork? I can look into it when I get time if you are interested in it.

relyt29 commented Oct 9, 2015

just curious, what is SAS?

xmikos commented Oct 9, 2015

@f41c0r SAS is the Short Authentication String, a shared value (those two words displayed on screen while calling with RedPhone/Signal) which both communicating parties should verbally cross-check. With key continuity, it is sufficient to cross-check the SAS only in the first call (TOFU model - Trust On First Use). But without key continuity, you have to cross-check the SAS in every call to avoid a potential MITM attack.
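
A simplified model of the key continuity discussed in this thread, added here as an illustration; it is not RedPhone/Signal code and not a ZRTP implementation. It follows the ZRTP idea of mixing a secret retained from the previous call into the next call's key; the `Endpoint` class, the cache layout, the HMAC labels and the random stand-ins for Diffie-Hellman results are assumptions.

```python
import hashlib
import hmac
import os

def kdf(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

class Endpoint:
    """One phone, with a cache of retained secrets keyed by peer name (assumed layout)."""
    def __init__(self, name: str):
        self.name = name
        self.cache = {}

    def s0(self, peer: str, dh: bytes) -> bytes:
        # Session key: fresh DH result mixed with the secret retained from the last call.
        return kdf(dh, b"s0" + self.cache.get(peer, b""))

    def confirm(self, peer: str, dh: bytes) -> bytes:
        # Proof of knowing s0; bound to the sender's name so it cannot be reflected.
        return kdf(self.s0(peer, dh), b"confirm:" + self.name.encode())

    def finish(self, peer: str, dh: bytes, peer_confirm: bytes, sas_ok: bool = False) -> str:
        s0 = self.s0(peer, dh)
        match = hmac.compare_digest(kdf(s0, b"confirm:" + peer.encode()), peer_confirm)
        if match and peer in self.cache:
            status = "continuity ok"
        elif match:
            status = "first use: compare SAS"
        else:
            status = "WARNING: key continuity broken"
        # Roll the retained secret forward only on a continuous or SAS-verified call.
        if status == "continuity ok" or (match and sas_ok):
            self.cache[peer] = kdf(s0, b"retained secret")
        return status

def call(a, b, dh_a, dh_b, sas_ok=False):
    """Both sides send their confirm value, then check the other's."""
    ca, cb = a.confirm(b.name, dh_a), b.confirm(a.name, dh_b)
    return a.finish(b.name, dh_a, cb, sas_ok), b.finish(a.name, dh_b, ca, sas_ok)

def demo():
    alice, bob = Endpoint("alice"), Endpoint("bob")
    dh1, dh2, dh3 = os.urandom(32), os.urandom(32), os.urandom(32)  # constructed DH results
    first = call(alice, bob, dh1, dh1, sas_ok=True)[0]
    second = call(alice, bob, dh2, dh2)[0]
    # Constructed MITM: Mallory poses as "bob" and completes DH with Alice,
    # but holds no retained secret from the earlier calls.
    attacked = call(alice, Endpoint("bob"), dh3, dh3)[0]
    return first, second, attacked
```
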

h-2 commented Oct 10, 2015

I think it would be wise to keep the diff of the websocket-branch absolutely minimal as long as there is a chance of it being merged upstream. Iff this can be ruled out, one should think about a real fork (with potentially different features).

xmikos commented Oct 10, 2015

@h-2 This is a really important basic security feature; without it even cSipSimple (or any other SIP client which supports ZRTP) is much more secure than Signal.

h-2 commented Oct 10, 2015

@xmikos the other thread suggests that it might be a temporary change. Also I think that as long as we want something from moxie (i.e. to accept the patch) we should not pick other fights with him. It's not very polite or smart ;) We can discuss it afterwards, and ultimately we would want the feature to be active for mainline TS users, as well.

xmikos commented Oct 10, 2015

@h-2 I surely hope that it is only temporary while Signal is in beta. But Moxie didn't write anything to assure us that it is indeed like that. Btw. I don't believe anymore that WebSocket support will ever get merged upstream.
