🧵 Short Authentication Strings (SAS) in the Age of Generative AI

When ZRTP was released by Phil Zimmermann and team in the mid-2000s, one of its main innovations was to use SAS in order to verbally authenticate the other party on the call and rule out person-in-the-middle attacks. This worked by reading aloud a SAS value over the voice connection and ensuring that it matched the value on the other side.

When we shipped Signal 1.0 with ZRTP, those were the words on the display during calls.

👇

The words are an encoding of bits derived using a hash function from the ZRTP confirmation which contained the call's shared key.

The words used for SAS strings were cleverly chosen with the help of computational linguist Patrick Juola to maximize the phonetic distance between them.

https://en.wikipedia.org/wiki/PGP_word_list
https://www.mathcs.duq.edu/~juola/papers.d/icslp96.pdf

It became known that the NSA developed capabilities to defeat this voice-based authentication method already in the mid-2000s since the computational cost of running the voice analysis and synthesis software was already feasible back then.

In #RFC6189 published in April 2011, the hardening measure described was to use video channels to authenticate, since running live lip syncs with the voice-spoofed SAS was considered unfeasible using the machine learning algorithms at the time.

https://datatracker.ietf.org/doc/html/rfc6189#page-77

This gets us to today where, using open-source video generative models such as Wan, it's very feasible for someone, even with modest computational resources, to mount an attack on a SAS-based authentication channel.

Generative lip sync is a solved problem.

So SAS-based authentication is no longer an effective authentication method for sensitive communications.

Signal has since moved from ZRTP to Signal Protocol-authenticated WebRTC for voice calls. Out-of-band auth is the way forward.
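
An added example (not from the thread, and not Signal's or any ZRTP implementation's code) sketching the derivation described above: a 32-bit SAS value is taken from a keyed hash over the call's shared secret and rendered as a short string for reading aloud. It uses RFC 6189's 4-character base32 rendering rather than the PGP word list to stay short; the KDF framing is assumed from RFC 6189, and the keys and context are constructed sample values.

```python
import hashlib
import hmac
import struct

# z-base-32 alphabet used by the "B32" SAS rendering in RFC 6189.
ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zrtp_kdf(key: bytes, label: bytes, context: bytes, bits: int) -> bytes:
    """Single-block counter-mode HMAC-SHA256 KDF (framing is an assumption)."""
    msg = struct.pack(">I", 1) + label + b"\x00" + context + struct.pack(">I", bits)
    return hmac.new(key, msg, hashlib.sha256).digest()[: bits // 8]


def sas_value(s0: bytes, kdf_context: bytes) -> int:
    """Leftmost 32 bits of the SAS hash derived from the shared secret s0."""
    sashash = zrtp_kdf(s0, b"SAS", kdf_context, 256)
    return int.from_bytes(sashash[:4], "big")


def render_b32(sasvalue: int) -> str:
    """Render the leftmost 20 bits of a 32-bit SAS value as 4 characters."""
    top20 = (sasvalue >> 12) & 0xFFFFF
    return "".join(ZBASE32[(top20 >> shift) & 0x1F] for shift in (15, 10, 5, 0))


def compare(s0_a: bytes, s0_b: bytes, context: bytes) -> tuple[str, str, bool]:
    """What each side's display shows, and whether the two strings agree."""
    a = render_b32(sas_value(s0_a, context))
    b = render_b32(sas_value(s0_b, context))
    return a, b, hmac.compare_digest(a, b)


# Constructed sample inputs: two 12-byte identifiers plus a 32-byte hash as
# context, and two unrelated 32-byte secrets standing in for s0.
CONTEXT = bytes(12) + bytes(range(12)) + hashlib.sha256(b"constructed total_hash").digest()
DIRECT_S0 = hashlib.sha256(b"constructed secret, direct call").digest()
RELAYED_S0 = hashlib.sha256(b"constructed secret, relayed leg").digest()

if __name__ == "__main__":
    # Both endpoints hold the same secret: the displayed strings agree.
    print(compare(DIRECT_S0, DIRECT_S0, CONTEXT))
    # Each endpoint keyed with a relay instead of its peer: secrets differ,
    # so the displays differ unless the spoken comparison itself is faked.
    print(compare(DIRECT_S0, RELAYED_S0, CONTEXT))
```

The cryptographic part only guarantees that mismatched keys produce mismatched strings; the authentication still rests on the two humans comparing them over a channel they trust.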

@fj wow, so a whole authentication method became obsolete before I even got to know it really existed 😅
Do you have examples of well known apps/companies that *used* to have this? (let's not provide links to those still using it)
I've never seen it used... or at least I never noticed.

EDIT: wait, you mention Signal as the signal messaging app? Is/was it really a thing there?

@silmathoron Yes, Signal had SAS strings between when we launched it in 2014 and the WebRTC update in 2017.

SAS was used in SilentCircle’s SilentPhone app too.
https://www.wired.com/2014/07/free-encrypted-calling-finally-comes-to-the-iphone/

@fj mhh... I might have started using signal after 2017, so that would explain, thanks!
@silmathoron @fj During normal use, you can't really see a difference, it's not like they had a SAS sticker on the app and swapped it with a WebRTC sticker.