ZRTP: some observations of a newbie.
TonyOZ
Posts: 37
Location: Saint-Petersburg, Russia
Joined: 25. Sep 2013
ZRTP: some observations of a newbie.
25. Sep 2013 at 11:47
PhonerLite v2.11
Thank you for the great piece of software!

The only way to establish an encrypted AND authenticated SIP session between the two PhonerLite clients with the ZRTP is to have:
  1. the ZRTP checked (quite obviously);
  2. the SRTP unchecked;
  3. the SAVP grayed-out (because of the #2 condition);
  4. the "Masquerade" setting is optional.

Only under these conditions can I see the "locked with the green tick-mark" icon, and there is a "ZRTP: some four-char SAS value" in the tool-tip.
(The connection type is UDP.)

If the SAVP is checked, no SAS is presented at all.

Please comment.
Thank you in advance.
  

PhonerLite v2.17 on winXP-SP3.

Phoner Admin
Posts: 11421
Location: Germany
Joined: 12. Oct 2003
Reply #1 - 25. Sep 2013 at 12:05
SAVP should only be enabled if you have problems with normal SRTP (no ZRTP).
  
TonyOZ
Reply #2 - 25. Sep 2013 at 12:40
Thank you for the clarification.

It would be more convenient to gray out the SRTP/SAVP (and consequently disable them internally) if the ZRTP is checked.
  

Phoner Admin
Reply #3 - 25. Sep 2013 at 12:42
As soon as SRTP is disabled, SAVP is grayed out here.
  
TonyOZ
Reply #4 - 25. Sep 2013 at 12:44
Yes, it is.
I mean to gray out the SRTP when the ZRTP is enabled.
  

Phoner Admin
Reply #5 - 25. Sep 2013 at 12:47
Why should I do that? Think about the following scenario: A supports SRTP and ZRTP, but B only "classic" SRTP. Your suggestion is then that an encrypted audio stream should never be established?
So if, in your case, you have problems with SRTP enabled, just disable it. But this is not valid for all scenarios.
  
TonyOZ
Reply #6 - 25. Sep 2013 at 13:23
Sounds logical.

Just one note: by encrypted I understand a call that nobody can tap. Is that possible with "classic" SRTP? From what I've read about SRTP, it is nothing more than a marketing feature for the unsuspecting user. Maybe I'm completely wrong. Maybe my usage scenario is special/different from what others demand.
  

Phoner Admin
Reply #7 - 25. Sep 2013 at 13:38
SRTP is secure! The only question is the way of key exchange. ZRTP is one way of key exchange. So if you are using ZRTP, you just use a special method to exchange keys. The audio itself is encrypted and transported with SRTP.

You can exchange keys in SIP (or better, SDP) messages. For this you need to encrypt SIP, and for this TLS is used. The disadvantage of TLS is that the SIP provider must decrypt the message to be able to route the call to the right destination. If the SIP provider decrypts the message, it can also decrypt SRTP, because it would know the keys.

ZRTP is an end-to-end key exchange. The SIP provider has no influence on it.
  
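The key-exchange difference the reply above describes, as an added example that is not PhonerLite's code and not part of the original post: a small Python parser for the SDES `a=crypto:` attribute (RFC 4568) that extracts the SRTP master key and salt exactly as any SIP proxy able to read the SDP could, next to an SDP that carries only a ZRTP `a=zrtp-hash:` attribute (RFC 6189), from which no key can be recovered. Both SDP bodies are constructed for this example, the inline key bytes 0x00..0x1d are a deliberately recognisable test key, and the suite table is limited to the AES-CM suites of RFC 4568 and RFC 6188.

```python
import base64
import re

# Master key and master salt lengths (bytes) for the SDES crypto-suites of
# RFC 4568 (AES-128) and RFC 6188 (AES-256). HMAC_SHA1_80 / _32 is the SRTP auth-tag length.
SDES_SUITES = {
    "AES_CM_128_HMAC_SHA1_80": (16, 14),
    "AES_CM_128_HMAC_SHA1_32": (16, 14),
    "AES_256_CM_HMAC_SHA1_80": (32, 14),
    "AES_256_CM_HMAC_SHA1_32": (32, 14),
}

# a=crypto:<tag> <suite> inline:<base64(key||salt)>[|<lifetime>][|<mki>:<len>] [session-params]
CRYPTO_RE = re.compile(
    r"^a=crypto:(?P<tag>\d+)\s+(?P<suite>\S+)\s+inline:(?P<keysalt>[A-Za-z0-9+/=]+)"
    r"(?:\|(?P<lifetime>2\^\d+|\d+))?(?:\|(?P<mki>\d+):(?P<mki_len>\d+))?"
    r"(?:\s+(?P<params>.*))?$"
)


def parse_crypto_line(line):
    """Parse one SDES a=crypto line and return the SRTP master key and salt it carries."""
    m = CRYPTO_RE.match(line.strip())
    if not m:
        raise ValueError("not an SDES a=crypto line: %r" % line)
    suite = m.group("suite")
    if suite not in SDES_SUITES:
        raise ValueError("unsupported crypto-suite: %s" % suite)
    key_len, salt_len = SDES_SUITES[suite]
    material = base64.b64decode(m.group("keysalt"))
    if len(material) != key_len + salt_len:
        raise ValueError("key||salt is %d bytes, expected %d" % (len(material), key_len + salt_len))
    return {
        "tag": int(m.group("tag")),
        "suite": suite,
        "master_key": material[:key_len],
        "master_salt": material[key_len:],
        "lifetime": m.group("lifetime"),
        "mki": (int(m.group("mki")), int(m.group("mki_len"))) if m.group("mki") else None,
    }


def audit_sdp(sdp):
    """What an intermediary that can read this SDP (e.g. a SIP proxy that terminated
    the TLS hop) learns about the media keys."""
    report = {"profile": None, "sdes_keys": [], "zrtp_hash": None}
    for line in sdp.splitlines():
        line = line.strip()
        if line.startswith("m=audio"):
            report["profile"] = line.split()[2]        # RTP/AVP or RTP/SAVP
        elif line.startswith("a=crypto:"):
            report["sdes_keys"].append(parse_crypto_line(line))
        elif line.startswith("a=zrtp-hash:"):
            # RFC 6189 section 8: a hash of the ZRTP Hello message, not key material.
            report["zrtp_hash"] = line.split(":", 1)[1]
    report["keys_readable_by_proxy"] = bool(report["sdes_keys"])
    return report


# Constructed sample offers (not captured from PhonerLite or any real call).
# The inline value is base64 of the bytes 0x00..0x1d: a 16-byte key followed by a 14-byte salt.
SDES_OFFER = """v=0
o=- 1 1 IN IP4 192.0.2.10
s=-
c=IN IP4 192.0.2.10
t=0 0
m=audio 49170 RTP/SAVP 0 8
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwd|2^20|1:4
"""

ZRTP_OFFER = """v=0
o=- 1 1 IN IP4 192.0.2.10
s=-
c=IN IP4 192.0.2.10
t=0 0
m=audio 49170 RTP/AVP 0 8
a=zrtp-hash:1.10 """ + "0123456789abcdef" * 4 + "\n"


if __name__ == "__main__":
    for name, offer in (("SDES over TLS", SDES_OFFER), ("ZRTP", ZRTP_OFFER)):
        r = audit_sdp(offer)
        print(name, r["profile"], "keys readable by proxy:", r["keys_readable_by_proxy"])
        for k in r["sdes_keys"]:
            print("  ", k["suite"], "key", k["master_key"].hex(), "salt", k["master_salt"].hex())
```

The first offer is what "classic" SRTP looks like on the wire: TLS protects it hop by hop, but every hop that decrypts the SIP message holds the master key and salt in the clear. The second offer is what a ZRTP-capable client can put into SDP; the actual DH exchange travels inside the RTP stream, so the proxy sees at most a hash it can use for nothing but integrity checking.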
TonyOZ
Reply #8 - 25. Sep 2013 at 16:48
Please bear with me, it is my first experience with ZRTP. No other SIP software/hardware I have access to supports it.

Is there a way to make the SAS longer (the Zfone has an option of "Base-256")?

Also, which cipher is implemented: AES-128 or AES-256?
Which "SRTP auth" tags are used: HMAC-32 or HMAC-80?
  

Phoner Admin
Reply #9 - 26. Sep 2013 at 10:47
The SAS is just a short string that each party should tell the other, to check whether the ID is the same. Its length is fixed.
PhonerLite supports AES-128 and AES-256, HMAC-80.

Take a look at Jitsi, that supports ZRTP. There are some other clients for Linux too.
  
TonyOZ
Reply #10 - 26. Sep 2013 at 12:06
Jitsi is SO huge - it does not fit on my Eee PC 900.

I was experimenting with the "latest" Zfone (09-Feb-2009, v0.9.217) and eyeBeam. In the "Base-256" mode it gives a SAS longer than the four-character string.
  

Phoner Admin
Reply #11 - 26. Sep 2013 at 12:10
Keep in mind that Eyebeam is a company that has much more manpower. I was just interested in the principle of ZRTP and therefore started my own implementation. I have no time for any further enhancements. Sorry.
  
TonyOZ
Reply #12 - 26. Sep 2013 at 15:39
OK, let's hope I'm of no such big importance to the three-letter agencies for them to forge (short) SASs...
  

Phoner Admin
Reply #13 - 26. Sep 2013 at 16:19
Please keep in mind that this SAS is just a string for the user and it is just for comparison. The encryption itself should be AES-256!
  
TonyOZ
Reply #14 - 26. Sep 2013 at 16:50
Yes, I clearly understand what the SAS is for: to be able to detect a MiTM attack on the cipher key agreement procedure.
SASs should match on both sides of a SIP conversation, if no MiTM is present.

Out of sheer paranoia: the longer the SAS value, the more difficult it is for an attacker to find a hash collision quickly, so that the SASs will match despite a successful MiTM.

Does PL implement the key continuity properties (advertised in Zfone)?
  

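The SAS discussion in the last few posts (why the two SAS strings must match, what a MiTM does to them, and why a short SAS looks like an invitation to grind for a match), as an added example that is not PhonerLite's or Zfone's code and not part of the thread: a Python simulation of a ZRTP-style Diffie-Hellman exchange with a four-character SAS, run honestly, under a MiTM, and under a MiTM that re-rolls its DH value to force matching SASs, with and without the hash commitment that ZRTP's Commit message provides. Assumptions: a toy 127-bit DH group (real ZRTP uses 2048/3072-bit MODP or elliptic-curve groups), a simplified SAS derivation (a hash over the DH result and both public values rather than ZRTP's full key derivation), and the z-base-32 alphabet that, as I recall, RFC 6189 specifies for the B32 SAS type. The grinding run uses a 10-bit SAS so it finishes instantly; the effort scales as 2^bits.

```python
import hashlib
import secrets

# Toy Diffie-Hellman parameters for illustration only (assumption, not ZRTP's groups):
# p = 2^127 - 1 is a Mersenne prime, generator 3. RFC 6189 uses 2048/3072-bit MODP or EC groups.
P = (1 << 127) - 1
G = 3
SAS_BITS = 20   # four base32 characters, like the four-char SAS shown in the tool-tip
# z-base-32 alphabet, which (to my recollection) RFC 6189 uses for the B32 SAS type.
B32 = "ybndrfg8ejkmcpqxot1uwisza345h769"


def keypair():
    """Fresh DH private/public pair in the toy group."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def commitment(pub):
    """ZRTP Commit: the initiator sends a hash of its DH value before it sees the responder's."""
    return hashlib.sha256(b"%d" % pub).digest()


def sas_from(shared, pub_initiator, pub_responder, bits=SAS_BITS):
    """Simplified SAS: the top `bits` bits of a hash over the DH result and both public
    values, rendered 5 bits per base32 character. `bits` must be a multiple of 5."""
    h = hashlib.sha256(b"%d|%d|%d" % (shared, pub_initiator, pub_responder)).digest()
    value = int.from_bytes(h, "big") >> (256 - bits)
    chars = []
    for _ in range(bits // 5):
        chars.append(B32[value & 31])
        value >>= 5
    return "".join(reversed(chars))


def honest_call():
    """Alice (initiator) and Bob (responder) talk directly: both SAS strings agree."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    alice_sas = sas_from(pow(b_pub, a_priv, P), a_pub, b_pub)
    bob_sas = sas_from(pow(a_pub, b_priv, P), a_pub, b_pub)
    return alice_sas, bob_sas


def mitm_call():
    """Mallory terminates two separate DH exchanges. Each leg has its own shared secret,
    so the SAS Alice reads out will (with probability 1 - 2^-20) differ from Bob's."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    m1_priv, m1_pub = keypair()   # Mallory's value towards Alice (Mallory plays responder)
    m2_priv, m2_pub = keypair()   # Mallory's value towards Bob (Mallory plays initiator)
    alice_sas = sas_from(pow(m1_pub, a_priv, P), a_pub, m1_pub)
    bob_sas = sas_from(pow(b_pub, m2_priv, P), m2_pub, b_pub)
    return alice_sas, bob_sas


def mitm_grind(bits, use_commit, max_tries=200000):
    """Mallory tries to make the two SAS strings equal by re-rolling the DH value shown to
    Alice until Alice's SAS equals the (already fixed) SAS on Bob's leg.
    Without a commitment Mallory sees a_pub first and can retry about 2^bits times.
    With ZRTP's Commit, Alice fixes a_pub (by hash) before Mallory must send its own
    value, so Mallory gets exactly one blind try. Returns (matched, tries)."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    m2_priv, m2_pub = keypair()
    bob_sas = sas_from(pow(b_pub, m2_priv, P), m2_pub, b_pub, bits)
    a_commit = commitment(a_pub) if use_commit else None
    tries = 0
    while tries < (1 if use_commit else max_tries):
        tries += 1
        m1_priv, m1_pub = keypair()   # Mallory's DHPart1 towards Alice
        # Alice's DHPart2 reveals a_pub; her peer checks it against the earlier Commit.
        if a_commit is not None and commitment(a_pub) != a_commit:
            raise RuntimeError("Alice's revealed DH value does not match her commitment")
        alice_sas = sas_from(pow(m1_pub, a_priv, P), a_pub, m1_pub, bits)
        if alice_sas == bob_sas:
            return True, tries
    return False, tries


if __name__ == "__main__":
    print("honest call, both SASs:", honest_call())
    print("MiTM call, both SASs  :", mitm_call())
    print("grind, 10-bit SAS, no commitment  :", mitm_grind(10, use_commit=False))
    print("grind, 20-bit SAS, with commitment:", mitm_grind(20, use_commit=True))
```

Run as a script, the third line shows the grinding attack succeeding after roughly 2^10 tries, which is what makes a short SAS look weak; the fourth shows that once the initiator has committed to its DH value the attacker is down to a single try per call, so four base32 characters give an attacker a 1-in-2^20 chance per call rather than a search. ZRTP's cached shared secrets (the key continuity the last post asks about) go one step further: an attacker who was absent from an earlier call cannot reproduce the cached secret, so a later MiTM is detectable even without comparing the SAS.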