TextSecure icon indicating copy to clipboard operation
TextSecure copied to clipboard

Published 20 hours ago verified publisher icon JavaJens

ZRTP key continuity check removed from Signal/RedPhone

Open xmikos opened this issue 8 years ago • 6 comments

One of key security features of ZRTP encrypted phone calls - key continuity - has been removed from RedPhone when it has been integrated into Signal. See this issue for more info:

#4226: No warning when getting a call from contact with new key

Moxie closed it without explanation why it has been removed (with simple "yes you have to verify the sas every time").

Would you agree to reimplement it (well, it seems to be only commented out in the code, so it shouldn't be that hard) in your WebSocket fork? I can look into it when I get time if you are interested in it.

xmikos avatar Oct 09 '15 17:10 xmikos

just curious, what is SAS?

relyt29 avatar Oct 09 '15 17:10 relyt29

@f41c0r SAS is Short Authentication String, shared value (those two words displayed on screen while calling with RedPhone/Signal) which both communicating parties should verbally cross-check. With key continuity, it is sufficient to cross-check SAS only in first call (TOFU model - Trust On First Use). But without key continuity, you have to cross-check SAS in every call to avoid potential MITM attack.

xmikos avatar Oct 09 '15 17:10 xmikos

I think it would be wise to keep the diff of the websocket-branch absolutely minimal as long as there is a chance of it being merged upstream. Iff this can be ruled out, one should think about a real fork (with potentially different features).

h-2 avatar Oct 10 '15 17:10 h-2

@h-2 This is really important basic security feature, without it even cSipSimple (or any other SIP client which supports ZRTP) is much more secure than Signal.

xmikos avatar Oct 10 '15 17:10 xmikos

@xmikos the other thread suggests that it might be a temporary change. Also I think that as long as we want something from moxie (i.e. to accept the patch) we should not pick other fights with him. Its not very polite or smart ;) We can discuss it afterwards, and ultimately we would want the feature to be active for mainline TS users, as well.

h-2 avatar Oct 10 '15 17:10 h-2

@h-2 I surely hope that it is only temporary while Signal is in beta. But Moxie didn't write anything to assure us that it is indeed like that. Btw. I don't believe anymore that WebSocket support will ever get merged upstream.

xmikos avatar Oct 10 '15 17:10 xmikos