Talk:ZRTP

A free firmware update is available ...
"A free firmware update is available for the DrayTek Vigor 2820Vn which adds ZRTP to both phone ports. This is an automatic system requiring no PC." Sources or details please. —Preceding unsigned comment added by Nils Jansen (talk • contribs) 16:47, 24 January 2010 (UTC)

Use as advertising platform
PrivateGSM is not free, as implied by the section it is listed in. There is a "receive-only" version available, and the other versions are either trial or pay. 95.33.120.237 (talk) 05:55, 24 August 2009 (UTC)

Please report all informations about ZRTP protocols and projects
Please do not deface informations regarding ZRTP ecosystems of interoperable products.

To beat Cisco lobby and make ZRTP the de-facto Voice Security Protocol it's important to cooperate, have projects, products, opensource, closed source, opensource based business models like KHAMSA, UM-LABS, PJSIP to finance opensource development.

So please do not remove any hit about the project just because it's personally and individually considered as SPAM only because it's not opensource.

LIBZRTP AGPL, for commercial you you have to pay. For this reason you want to remove the official libzrtp mention to the project? —Preceding unsigned comment added by 213.140.6.112 (talk) 16:22, 5 December 2008 (UTC)


 * http://news.cnet.com/8301-1009_3-57451057-83/phil-zimmermanns-post-pgp-project-privacy-for-a-price/ — Preceding unsigned comment added by 2A01:E35:2E52:79B0:8D46:DA68:15BB:7961 (talk) 14:15, 14 June 2012 (UTC)

Guarantee of no MITM is too strong
The article says

If the values on both ends match, it is guaranteed that there is no man-in-middle.

I think that's too strong a statement. For example:


 * Alice calls Bob, but unbeknownst to either of them, Mallory is the man in the middle
 * Mallory negotiates separate ZRTP sessions with both Alice and Bob
 * Mallory algorithmically impairs the quality of the voice channels so that it is difficult to distinguish his voice from anyone else's
 * Alice reads her SAS to Mallory, and Mallory reads his SAS to Alice
 * Bob reads his SAS to Mallory, and Mallory reads his SAS to Bob
 * Mallory connects the audio of the two ZRTP sessions together (with the quality impairment)
 * Once Alice and Bob are satisifed with the SAS' they've received, they start their conversation.
 * The quality impairment can be blamed on a poor internet connection and the use of a low-rate CODEC.

If Mallory has samples of Alice's and Bob's speech ahead of time, rather than voice quality impairment, he can use more sophisticated software to modify his voice to sound similar to Alice's or Bob's. This is much more difficult but not impossible. --Brouhaha 19:43, 17 June 2006 (UTC)

The statement has been modified to remove the guarantee (Zimmermann never used the word guarantee). However, I think an attack that involves voice imitation incurs a high risk of detection, and thus is adequately deterred. The attacker cannot predict or control exactly how Alice and Bob will conduct the SAS comparison. -PRZ

I think it's not as easy to attack this as you think. Here is something from my FAQ page:

Q: Is the Short Authentication String (SAS) vulnerable to an attacker with voice impersonation capabilities?

A: In practical terms, no. It is a mistake to think this is simply an exercise in voice impersonation (perhaps this could be called the "Rich Little" attack). Although there are digital signal processing techniques for changing a person's voice, that does not mean a man-in-the-middle attacker can safely break into a phone conversation and inject his own short authentication string (SAS) at just the right moment. He doesn't know exactly when or in what manner the users will choose to read aloud the SAS, or in what context they will bring it up or say it, or even which of the two speakers will say it, or if indeed they both will say it. In addition, some methods of rendering the SAS involve using a list of words such as the PGP word list, in a manner analogous to how pilots use the NATO phonetic alphabet to convey information. This can make it even more complicated for the attacker, because these words can be worked into the conversation in unpredictable ways. Remember that the attacker places a very high value on not being detected, and if he screws up, he doesn't get to do it over. prz 09:27, 16 February 2007 (UTC)


 * The deeper issue here is that the whole authentication mechanism seems to depend not on a known hard problem, but instead on voice impersonation being hard.--Teemuk 07:54, 25 May 2007 (UTC)


 * The Cryptologic Quarterly citation references a document that is classified as top secret. Is that acceptable to source since the content proving the NSA has successfully forged the SAS cannot be verified by Wikipedia? --LeeAzzarello (talk) 02:06, 14 June 2013 (UTC)
 * I recently submitted an NSA FOIA (#114521) request for the article to which they told me there was no article written in 2006 with that topic. They didn't give a Glomar response or cite any reason to not give it, and I even followed up with the public records custodian for more info and they replied "My staff conducted an exhaustive search and unfortunately was unable to locate the specific issue you requested. I have no additional insight as to where you might be able to locate this information." LoganLopez (talk) 01:50, 18 September 2022 (UTC)

Name
Apparently the 'Z' in ZRTP comes about because Phil 'Z'immermann invented it - http://zfoneproject.com/