Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Cellcrypt?

Fabio Pietrosanti (naif) lists at
Thu Feb 9 02:33:37 PST 2012

On 2/8/12 8:24 PM, Marc wrote:
> Have you ever heard of  SRTP
> and are there any security auditions or reviews about it ?

SRTP is the way to symmetrically encipher RTP flow (that can carry audio
or video inside).

SRTP need to be feed with a key, and different key exchange exists:
- SDES (end-to-site key exchange within SIP/TLS enciphered channel)
- ZRTP (end-to-end encryption with Short Authentication String human
- MIKEY (use x509v3 digital certificate)

So, ZRTP use SRTP in the AES-CTR 256bit mode while SDES use SRTP in the
AES-CTR 128bit mode.

The way you do the SRTP key exchange directly influence the "security
model" and the "thread model" that you would like to manage.

Example graphics on how different key exchange works:

The SRTP implementation you cited is the universally used one in almost
any commercial and opensource tool that need to do encryption of RTP flow.


More information about the liberationtech mailing list