[OTR-dev] Draft of Security Analysis

Andrew S. Morrison asm at CS.Stanford.EDU
Wed Mar 8 15:08:49 EST 2006


I agree, the strong deniability attack isn't very strong in the real
world, but formal verification is our goal here, not being able to crack
into people's conversations, so we have to include attacks like this and
the authentication failure.

On  0, Paul Wouters <paul at cypherpunks.ca> wrote:
> On Tue, 7 Mar 2006, Andrew S. Morrison wrote:
> 
> > I think the point is that an attacker with tight network control on both
> > end points is capable of removing or mangling the published MAC keys, and
> > thus destroying strong deniability.
> 
> Doesn't the other end check the MAC? If not, perhaps it should. This attack
> should be detectable. Though I guess a complex attack could work where
> the MAC is sent *privately* by the attack to the other endpoint's attacker
> to rewrite the packet. But that is a lot of work for destroying strong
> deniability (and wouldn't work on say, a wifi connection, where the attacker
> sees the packet together with everyone else before it can modify it).
> 
> Paul
> _______________________________________________
> OTR-dev mailing list
> OTR-dev at lists.cypherpunks.ca
> http://lists.cypherpunks.ca/mailman/listinfo/otr-dev

-- 
Andrew S. Morrison
asm at cs.stanford.edu
(650) 575 9261
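
The question raised in the thread (whether the receiving end can notice that published MAC keys were removed) can be illustrated with a toy model; this is an added example, not part of the original messages and not OTR's code. It assumes a constructed wire layout in which the revealed old MAC keys travel after the authenticator, and compares a receiver whose MAC does not cover that field with a hypothetical variant whose MAC does. All names, keys and the layout are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 20  # HMAC-SHA1 output size


def _field(data: bytes) -> bytes:
    """Length-prefixed field: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def _tag(mac_key: bytes, covered: bytes) -> bytes:
    return hmac.new(mac_key, covered, hashlib.sha1).digest()


def build(mac_key, ciphertext, old_mac_keys, cover_reveal):
    """Wire layout (constructed): body | tag | revealed old MAC keys."""
    body, reveal = _field(ciphertext), _field(b"".join(old_mac_keys))
    covered = body + reveal if cover_reveal else body
    return body + _tag(mac_key, covered) + reveal


def parse(msg):
    n = struct.unpack(">I", msg[:4])[0]
    body_end = 4 + n
    return msg[:body_end], msg[body_end:body_end + TAG_LEN], msg[body_end + TAG_LEN:]


def verify(mac_key, msg, cover_reveal):
    """Receiver-side check: recompute the tag over the covered region."""
    body, tag, reveal = parse(msg)
    covered = body + reveal if cover_reveal else body
    return hmac.compare_digest(tag, _tag(mac_key, covered))


def strip_reveal(msg):
    """Model of the in-transit change from the thread: reveal field emptied."""
    body, tag, _ = parse(msg)
    return body + tag + _field(b"")


def demo():
    key, old = b"k" * 20, [b"o" * 20]  # constructed keys
    out = {}
    for cover in (False, True):
        msg = build(key, b"constructed ciphertext", old, cover)
        out[cover] = (verify(key, msg, cover), verify(key, strip_reveal(msg), cover))
    return out


if __name__ == "__main__":
    print(demo())
```

Each pair in the result is (unmodified message verifies, stripped message verifies): when the reveal field is outside the covered region the receiver's MAC check cannot tell that the keys were removed, and when it is covered the check fails.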