From owner-freebsd-multimedia@FreeBSD.ORG Wed Jun 22 08:07:39 2005 Return-Path: X-Original-To: freebsd-multimedia@freebsd.org Delivered-To: freebsd-multimedia@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CA8EF16A41C for ; Wed, 22 Jun 2005 08:07:39 +0000 (GMT) (envelope-from arne_woerner@yahoo.com) Received: from web41214.mail.yahoo.com (web41214.mail.yahoo.com [66.218.93.47]) by mx1.FreeBSD.org (Postfix) with SMTP id AF38043D49 for ; Wed, 22 Jun 2005 08:07:39 +0000 (GMT) (envelope-from arne_woerner@yahoo.com) Received: (qmail 67495 invoked by uid 60001); 22 Jun 2005 08:07:39 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=V3Bf2SmMKpUN6XX4Fq1Sg03gi2NQcsgXxgrNC30FEw4Uz5CJ+RrE0bEfxTwgMzqTvI6jtzhefm87AOl57nrOvK/WH5aS/cwFTaWxEPWZ9s9UMzAlul0WXtdrOW6jouPHZ7NZGIPtOMPt5UkmRJbwASKvBvO9s3xfZr5b+na7AOc= ; Message-ID: <20050622080739.67493.qmail@web41214.mail.yahoo.com> Received: from [213.54.159.104] by web41214.mail.yahoo.com via HTTP; Wed, 22 Jun 2005 01:07:39 PDT Date: Wed, 22 Jun 2005 01:07:39 -0700 (PDT) From: Arne "Wörner" To: Jacob Meuser , freebsd-multimedia@freebsd.org In-Reply-To: <20050622051314.GB23165@puff.jakemsr.gom> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Cc: Subject: Re: tamper proofing audio X-BeenThere: freebsd-multimedia@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Multimedia discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Jun 2005 08:07:39 -0000 --- Jacob Meuser wrote: > On Wed, Jun 22, 2005 at 02:12:20PM +0930, Tim Aslat wrote: > > Hi All, > > > > can anyone tell me if it's possible to tamper-proof an > > audio recording in such a way that it can still be > > played on a normal audio CD player? > > > Simply verifying the files with checksums (multiple > algorithms to lessen the possibility of "collision > attacks") is insufficient? > I say, how could we hinder an attacker to simply recompute the checksum after modifying the audio recording? gnupg (ports/security) would provide a signature, that is coupled with a passphrase. Since I do not like passphrases, because they can be found out quite easily (the trick with just asking for the passphrase sometimes still works, too), I would say that you need a physically safe computer somewhere (with tall muscled guards and pump-guns) - on this computer you could store the signatures or -even better- the whole audio recording (I just remember that you do not have a network connection...)... Another idea would be, that you produce the check-sum/signature for the recording and then the computer asks the lawyer/person to read the checksum to the computer - then the computer adds that check-sum recording to the to-be-signed recording, so that the attacker would have at least the problem of simulating the voice of the lawyer/person, which might be quite impossible... -Arne P. S.: It remembers me a little bit on the silly lawyer in the TV series "The Simpsons", who used to change the video/audio last will of his clients by simply using his own voice... *giggle* __________________________________ Yahoo! Mail Mobile Take Yahoo! Mail with you! Check email on your mobile phone. http://mobile.yahoo.com/learn/mail