[OTR-dev] Flaw in OTR Protocol (with workaround!)
Ian Goldberg
ian at cypherpunks.ca
Thu Aug 4 14:35:35 EDT 2005
On Thu, Aug 04, 2005 at 01:36:01PM -0400, Evan Schoenberg wrote:
> Currently:
> OTR session with Alice
> I exit my client (without selecting End Private Conversation, which
> is what happens with most users)
> I reconnect
> Alice says something. Her client is currently in the Private state,
> with the previous secure session.
> I get an encrypted message I can't read (sent using the encryption
> from the old secure session).
Note that this causes OTR to automatically restart if you're in
Opportunistic mode.
- Ian
More information about the OTR-dev
mailing list