![]() | This article is rated C-class on Wikipedia's
content assessment scale. It is of interest to the following WikiProjects: | ||||||||||||||||||||||||||||||||||||||||||||
|
"A free firmware update is available for the DrayTek Vigor 2820Vn which adds ZRTP to both phone ports. This is an automatic system requiring no PC." Sources or details please. —Preceding unsigned comment added by Nils Jansen ( talk • contribs) 16:47, 24 January 2010 (UTC)
PrivateGSM is not free, as implied by the section it is listed in. There is a "receive-only" version available, and the other versions are either trial or pay. 95.33.120.237 ( talk) 05:55, 24 August 2009 (UTC)
Please do not deface informations regarding ZRTP ecosystems of interoperable products.
To beat Cisco lobby and make ZRTP the de-facto Voice Security Protocol it's important to cooperate, have projects, products, opensource, closed source, opensource based business models like KHAMSA, UM-LABS, PJSIP to finance opensource development.
So please do not remove any hit about the project just because it's personally and individually considered as SPAM only because it's not opensource.
LIBZRTP AGPL, for commercial you you have to pay. For this reason you want to remove the official libzrtp mention to the project? —Preceding unsigned comment added by 213.140.6.112 ( talk) 16:22, 5 December 2008 (UTC)
The article says
If the values on both ends match, it is guaranteed that there is no man-in-middle.
I think that's too strong a statement. For example:
If Mallory has samples of Alice's and Bob's speech ahead of time, rather than voice quality impairment, he can use more sophisticated software to modify his voice to sound similar to Alice's or Bob's. This is much more difficult but not impossible. -- Brouhaha 19:43, 17 June 2006 (UTC)
The statement has been modified to remove the guarantee (Zimmermann never used the word guarantee). However, I think an attack that involves voice imitation incurs a high risk of detection, and thus is adequately deterred. The attacker cannot predict or control exactly how Alice and Bob will conduct the SAS comparison. -PRZ
I think it's not as easy to attack this as you think. Here is something from my FAQ page:
Q: Is the Short Authentication String (SAS) vulnerable to an attacker with voice impersonation capabilities?
A: In practical terms, no. It is a mistake to think this is simply an exercise in voice impersonation (perhaps this could be called the " Rich Little" attack). Although there are digital signal processing techniques for changing a person's voice, that does not mean a man-in-the-middle attacker can safely break into a phone conversation and inject his own short authentication string (SAS) at just the right moment. He doesn't know exactly when or in what manner the users will choose to read aloud the SAS, or in what context they will bring it up or say it, or even which of the two speakers will say it, or if indeed they both will say it. In addition, some methods of rendering the SAS involve using a list of words such as the PGP word list, in a manner analogous to how pilots use the NATO phonetic alphabet to convey information. This can make it even more complicated for the attacker, because these words can be worked into the conversation in unpredictable ways. Remember that the attacker places a very high value on not being detected, and if he screws up, he doesn't get to do it over. prz 09:27, 16 February 2007 (UTC)
Apparently the 'Z' in ZRTP comes about because Phil 'Z'immermann invented it - http://zfoneproject.com/
The implementations should not be included per WP:NOTLINK, WP:NOTHOWTO, and WP:EL. -- Ronz ( talk) 19:53, 29 May 2012 (UTC)