-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi
On Saturday 30 July 2011 at 3:22:12 AM, in <mid:4e336ad4.6020...@freenet.edmonton.ab.ca>, Jay Litwyn wrote: >>> although it would be tricky to fake photo-id >>> production on skype. Photo-id doesn't make very good >>> single frames, but change the angle on television and >>> those chrome things flicker and move... > MFPA wrote: >> OK, use a TV projector and point your webcam at the >> screen. > I do not hav a webcam, and I do not know why you want > me to create feedback. I thought you mentioned using skype for photo-id production and commented about television pictures flickering and moving, depending on angle. My response was to suggest a way the television picture could be used that had no such limitation. Pointing the webcam at a projected TV image instead of at the person using the computer wouldn't create feedback, as far as I know. >> "Mallory" could make recordings of your voice and use >> them to create such a file and sign it with their fake >> key. > Not if she wants any coherence in the tune; not that > there is a lot, mind you: It was straight a-cappella. When I played the file, I was checking what you said rather than how you said it, unaware there would be a tune to listen for. I'm sure somebody with a little skill in audio editing, and a better ear for pitch than I have, could adjust the speed and pitch of each sound to produce a passable end result. > All you can ever do is make a man in the middle attack > harder. Fair enough. > Live conversation makes it harder. Do you mean just real-life face-to-face, or do you include telephones and/or videoconferencing? > The picture of a thumb in PGP bugs me. Yes, giving up finger/thumbprints is linked in my mind to interrogation and incarceration, not to privacy. > PGP also > features a list of words, instead of hexadecimal. It > calls *that* a biometric print; not unless you voice it > somewhere, and it won't work with GPG, which would need > the same dictionary. The word list is there as an additional option to use in PGP, which also uses hexadecimal (or did when I used PGP 8.x). I fail to see how the word "biometric" applies, except as an extension of the metaphor about key digests being fingerprints. The word list is an alternative way of expressing the same information, and the word "biometric" is (loosely) an alternative word for "fingerprint." The word-list might present issues for non-English-speakers, as discussed a decade ago in the thread at http://lists.gnupg.org/pipermail/gnupg-devel/2001-March/017007.html > My > library also had a reverse directory for Edmonton. Reverse directory information is available here only for law enforcement purposes (which is interpreted far too loosely). > They required my social security number. Nobody is > perfect. I am nobody. Therefore, I am perfect. Why > would anyone go to such lengths to impersonate me > electronically? No idea, but anybody asking for my national insurance number would be told to take a hike, unless they needed it to process payroll deductions, pensions, or benefits. They have no other legitimate use for it. - -- Best regards MFPA mailto:expires2...@ymail.com The truth is rarely pure and never simple -----BEGIN PGP SIGNATURE----- iQE7BAEBCgClBQJONETPnhSAAAAAAEAAVXNpZ25pbmdfa2V5X0lEIHNpZ25pbmdf a2V5X0ZpbmdlcnByaW50IEAgIE1hc3Rlcl9rZXlfRmluZ2VycHJpbnQgQThBOTBC OEVBRDBDNkU2OSBCQTIzOUI0NjgxRjFFRjk1MThFNkJENDY0NDdFQ0EwMyBAIEJB MjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0N0VDQTAzAAoJEKipC46tDG5pZhQD/0PI fVXGWHezqfMNbML6ympxZGb5s70gjxyVoHZcSeQxyYe+nZ3auQTQ7tnVtrKktVP+ mnj/rqPwQjWz7D3e1hPdlnRE38WfCXhuQP3B6Pj5J9euU17cPkFUZK2uQEvkNY4p YhdC3ie4lZCIyoajdrXDpi52N2MyJK656FxK9+Mc =48n6 -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
