[OTR-users] OTR and OpenSSL Heartbleed vulnerability?

Bernard Tyers - ei8fdb ei8fdb at ei8fdb.org
Wed Apr 16 17:28:44 EDT 2014 

Hi Daniel,


On 16 Apr 2014, at 22:14, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:

> On 04/16/2014 04:32 PM, Bernard Tyers - ei8fdb wrote:
> 
>> Can you explain when where an IM client would use openssl in terms of OTR? I think I am misunderstanding the your comment. 
>> 
>> I’d like to know how IM clients (if any) could be affected, in terms of OTR, or file transfers, etc..
> 
> 
> I use IRSSI as an XMPP and IRC client.  it uses openssl to connect to
> those IRC and XMPP servers that use TLS.  It also has an OTR plugin,
> which uses gcrypt for the crypto.  The plugin is a shared object, which
> means it loads and runs code in the main IRSSI process.
> 
> If the client's connection to an IRC or XMPP server fails, it tries to
> reconnect automatically.

Thanks for the explanation.

> here's what an attacker in control of the network would do to get my OTR
> key:
> 
> * send a TCP RST to cause an existing IRC or XMPP connection to fail
> 
> * when the client tries to reconnect, it tries to make a TLS handshake
> with the remote server; the attacker handles this connection
> 
> * during the TLS handshake phase, the client is vulnerable to the
> server, which may itself send heartbeat messages, including malicious
> ones.  this can happen even before the server is authenticated.
> 
> * the attacker delays completion of the TLS handshake, but instead
> sends malicious heartbeat messages.
> 
> * IRSSI spits out chunks of memory to the attacker

Presumably, other IM clients who use TLS to connect to service <servername here> would be equally as vulnerable, right? 

In which case, OTR *in isolation* is secure, however it could be compromised via the vulnerable service. Correct?

So, from that, how can I as an irssi XMPP/IRC service user protect myself against the heartbleed vuln? The services I use still need to patch if they are vulnerable to it, right?

> * this memory may include my OTR secret keys.

Would the OTR secret keys be identifiable as such, or would it be “something that looked like a secret key”?

> hth,

Yes it does, thanks.

Bernard

--------------------------------------
Bernard / bluboxthief / ei8fdb

If you’d like to get in touch, please do: http://me.ei8fdb.org/




-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cypherpunks.ca/pipermail/otr-users/attachments/20140416/de37a7a7/attachment.pgp>

More information about the OTR-users mailing list