[guardian-dev] The sound of an encrypted audio stream

Frank Rieger frank at ccc.de
Wed Jul 24 19:18:45 EDT 2013


VBR codecs should under no circumstances be used for encrypted calls. The science for recovering enough structure to gain partial content information is way too well developed to ignore this. This has been a constant point of trouble with ZRTP-solutions and needs to be handled (crudely) at the phone software level or (better) with a patch to the respective ZRTP library that rejects VBR codecs based on the header information.

Best regards,

Frank Rieger

---

On 23.07.2013, at 22:47, Lee Azzarello wrote:

> Hello all,
> 
> There have been some conversations recently on IRC and on the web
> about VBR audio codecs and plaintext recovery.
> 
> It's an interesting conversation and one which will change a lot in
> our times. While I was testing some video call clients, I saw a bug
> between a custom build of Linphone on Android and a nightly of Jitsi
> on OS X where Linphone tried to play back the encrypted audio through
> the speaker without first decrypting it.
> 
> This is what a SRTP audio stream sounds like to a wiretap. The codec
> is speex at 16 kHz, I believe it is VBR but I'm not certain.
> 
> http://ge.tt/9FG7Tem/v/0?c
> 
> -lee

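Added example, not part of the original thread and not code from any ZRTP library: one way a phone client could apply the policy in Frank Rieger's message at call setup, refusing audio formats that the SDP offer does not declare as constant-rate. The function names, the allowlist and the sample offer are assumptions; the `vbr`/`cng` and `cbr`/`usedtx` parameters are those of RFC 5574 (Speex) and RFC 7587 (Opus).

```python
import re

FIXED_RATE = {"pcmu", "pcma", "g722"}  # allowlist (assumed policy)
STATIC_PT = {"0": "pcmu", "8": "pcma", "9": "g722"}  # RFC 3551 static types

def parse_fmtp(value):
    """'mode="8,any";vbr=on' -> {'mode': '8,any', 'vbr': 'on'}"""
    pairs = re.findall(r'([\w-]+)\s*=\s*("[^"]*"|[^;\s]+)', value)
    return {k.lower(): v.strip('"').lower() for k, v in pairs}

def is_constant_rate(codec, p):
    if codec in FIXED_RATE:
        return True
    if codec == "speex":  # RFC 5574: vbr=on|off|vad and cng=on|off, default off
        return p.get("vbr", "off") == "off" and p.get("cng", "off") == "off"
    if codec == "opus":   # RFC 7587: cbr defaults to 0 (VBR), usedtx to 0
        return p.get("cbr", "0") == "1" and p.get("usedtx", "0") == "0"
    return False          # unknown codec: reject rather than guess

def audit_sdp(sdp):
    """Return {payload_type: (codec, accepted)} for each offered audio format."""
    rtpmap, fmtp, offered, in_audio = dict(STATIC_PT), {}, [], False
    for line in (l.strip() for l in sdp.splitlines()):
        if line.startswith("m="):
            in_audio = line.startswith("m=audio ")
            if in_audio:
                offered += line.split()[3:]
        elif in_audio and line.startswith("a=rtpmap:"):
            pt, enc = line[9:].split(None, 1)
            rtpmap[pt] = enc.split("/")[0].lower()
        elif in_audio and line.startswith("a=fmtp:"):
            pt, _, rest = line[7:].partition(" ")
            fmtp[pt] = parse_fmtp(rest)
    return {pt: (rtpmap.get(pt, "unknown"),
                 is_constant_rate(rtpmap.get(pt, "unknown"), fmtp.get(pt, {})))
            for pt in offered}

# Constructed sample offer, not taken from the thread.
SAMPLE_OFFER = """v=0
m=audio 40000 RTP/SAVP 97 98 111 0
a=rtpmap:97 speex/16000
a=fmtp:97 mode="8,any";vbr=on
a=rtpmap:98 speex/8000
a=rtpmap:111 opus/48000/2
a=fmtp:111 useinbandfec=1; cbr=1
"""

if __name__ == "__main__":
    for pt, (codec, ok) in audit_sdp(SAMPLE_OFFER).items():
        print(pt, codec, "accept" if ok else "reject (variable rate)")
```

The fmtp values are declarations made during negotiation, so passing this check does not prove that the encrypted packets on the wire all have one size; that still has to be confirmed on the stream itself.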