Re: [Ekiga-list] Ekliga Encryption.




--- On Mon, 12/27/10, Anthony Papillion <papillion gmail com> wrote:

> From: Anthony Papillion <papillion gmail com>
> Subject: Re: [Ekiga-list] Ekliga Encryption.
> To: "Ekiga mailing list" <ekiga-list gnome org>
> Date: Monday, December 27, 2010, 3:03 AM
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 12/26/2010 12:03 PM, Grigory Sarnitskiy wrote:
> > Hello!
> > 
> > Wikipedia (http://en.wikipedia.org/wiki/Comparison_of_VoIP_software)
> says there is no encryption in Ekiga. I'm pretty dumb in all
> that security stuff, but still I want to have some level of
> encryption. How do I secure my conversations?
> 
> I'm pretty sure the Wikipedia entry is correct, I don't
> think Ekiga
> encrypts at all.  I've been looking for encrypted
> VoIP, you might want
> to look at using Phil Zimmermanns ZFone (which might be
> able to be used
> to secure and encrypt Ekiga traffic).
> 
> Anthony
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (MingW32)
> 
> iQIcBAEBAgAGBQJNGHJtAAoJEIeUq9QAeLbkLIEP+gLsJDvbQ4y8Kdk/DK61BywG
> 0CYnxaI8NGBUSU6DS1f+dh6oyFytlMNSgWdBXNL7h9kxCpnLqU8Zldnpw/9qRfYZ
> 6xOnHJhnngRvFnJZKstejvC6xSsEmNlFZPNKZDcLaI4EgbSmWhgIQz4ENMAvRHSz
> IU66mmyz04ja7ZEdINUm6JRy/ADDkCHb/SG7Lm0zNMDEUC3XZLQSsAWe3mKhuEEK
> hGe6PQ3oGqX2My0epnHVBLf1URj1z0clMhpoLvy0zeqkfxQN9BpgE2zeGnqan8rN
> pV570ESD9kiuOUPDEmaUwzA4U+WPbba5K7MR0Vo8/KE8xKj29RWg96/ebDvY0urV
> EDiJAa7O9ll0Ju15o4WEq6E1jwo5RQx8NOuzrLZ5sdaWrO1bGjOXvAcJc0eqQI/F
> 7bzW/TnlSka+whmHv6JWU3GrvCwofLOsyn1PTNzgLVfjY9Q3F44vit/vci5FAxrv
> L5nBfmcgmDmbC9++wnlK0tJ7PbunYB+iJaJE/7TgydtyfD9UguEmfl2MxFdpKtQa
> 7vcG0pkDKFSa1I7zOErXZXISXAb81wKKwIjStCsFw5DFBuPKoArIdtl/cGecYuyC
> Bk3hX7tfD2Qst3mLeZRMf8NsgtXfWuwadFgm/fmZD1C8kxSOYR+T/vD4Gggh7TY1
> v3rBuLaO4MHHsLNF+IAu
> =5aU5
> -----END PGP SIGNATURE-----
> _______________________________________________
> ekiga-list mailing list
> ekiga-list gnome org
> http://mail.gnome.org/mailman/listinfo/ekiga-list
> 

I suggest to read http://en.wikipedia.org/wiki/ZRTP and pay special
attention to:

"
To ensure that the attacker is indeed not present in the first session (when no shared secrets exist), the Short Authentication String method is used: the communicating parties verbally cross-check a shared value displayed at both endpoints. If the values don't match, a man-in-the-middle attack is indicated. (In late 2006, NSA developed an experimental voice analysis and synthesis system to defeat this protection.[2])

"

;-) .

Regards,
  Sergei.





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]