

WhisperSystems: Voice and Text Encryption for Android - mcantelon
http://www.whispersys.com/

======
phunel
Anyone in the HN community working on PGP encryption for the iPhone/Android?
Not in the hushmail vein, but using the Thunderbird/Enigmail implementation of
GnuPG as the model instead? Thoughts?

------
pieter
How do you verify the identity of the other person? That is, how do they
prevent man in the middle attacks?

~~~
wmf
They're using SMS for call setup, which is unlikely to be MITMed. Also see
<http://en.wikipedia.org/wiki/ZRTP#Authentication>

------
shareme
a question: They do not use SIP are they injecting a third party switch in
order to avoid having to use Sip and thus opening themselves up to the legal
back door they mention?

~~~
damaja
Pretty sure that ZRTP negotiates the session over the media layer (RTP.. thus
Zimmerman RTP), thus avoiding the need for a switch to any other system
outside the two users to set up the call.

