[guardian-dev] Evaluation of ZRTP clients
dominik at dominikschuermann.de
Tue Mar 14 20:28:22 EDT 2017
This should be of interest to Guardianproject's Ostel project:
We evaluated the ZRTP clients Acrobits Softphone, CSipSimple, Jitsi,
Linphone, and Signal in regards to their protocol compliance, error
handling, and user interfaces. Our extensive analysis uncovered a
critical vulnerability that allows wiretapping even though Short
Authentication Strings are compared correctly. We discuss shortcomings
in the clients’ error handling and design of security indicators
potentially leading to insecure connections.
I also want to praise the effort put into your Open Secure Telephony
Network (OSTN), which we used as our test network.
As always, I am open to questions and ideas on how to fix outstanding issues.