[OTR-dev] SESS_DIR_LOW vs SESS_DIR_HIGH?
Ian Goldberg
ian at cypherpunks.ca
Tue Jan 25 19:46:24 EST 2005
On Tue, Jan 25, 2005 at 05:01:43PM -0600, Evan Schoenberg wrote:
> Ah, I see. If I'm putting it somewhere in plain (unformatted) text,
> what do you think would be a good label for each part, then? Right now
> I have whichever one would be bold in gaim-otr being labeled the
> "incoming" secure ID, and the other the "outgoing."
The "printf UI" version of otrproxy surrounds the part that should be
bold with asterisks:

    *** Tue Jan 25 11:09:26 2005
    *** INFO: Private connection established
    Private connection with mumblemumble (AIM/ICQ) established.
    Fingerprint:
    36D65628 A56C5E5C 376F1E88 BA2EFC04 BF07DBA9
    Secure ID for this session:
    *aa687ac829b0367854f6* 0333b95bf0e1726c49c7

> >gaim-otr's README says:
> > If they're
> > both correct, you're assured that there's no one intercepting your
> > private conversation. This is secure, even if you know that one or
> > both of your private keys have been compromised.
> >
>
> Damnit, read the README and forgot that part. I hate asking questions
> which are already answered :)
>
> How is it that this is secure even if one or both private keys are
> compromised?
The private keys are used to sign the DH key exchange; that's the
primary way you know the person at the other end of the DH-secured
tunnel is who you think it is. But if the DH keys have been
compromised, hearing your friend read the secure session id (which is a
hash of the DH shared secret) will do just as well to convince you.
- Ian
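
Added example (not part of the original message, and not code from gaim-otr, libotr or otrproxy): a sketch of why comparing the secure session id detects an interceptor even when the signatures on the key exchange can no longer be trusted. The toy DH group, the use of SHA-1 over a fixed-width encoding, and the rule for which half each end emphasizes are assumptions of this sketch; signatures are not modelled, the interceptor is simply assumed able to forge them.

```python
import hashlib
import secrets

# Constructed toy group (a Mersenne prime); far too weak a setup for real use.
P = 2**521 - 1
G = 5

def dh_keypair():
    """Return (private exponent, public value) for one fresh DH exchange."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def session_id(my_priv, my_pub, their_pub):
    """Hash the DH shared secret and split it into the two displayed halves."""
    shared = pow(their_pub, my_priv, P)
    # Assumption: SHA-1 over a fixed-width encoding, giving 40 hex digits
    # like the sample output; the real input encoding is not on the page.
    digest = hashlib.sha1(shared.to_bytes(66, "big")).hexdigest()
    # Assumption: the end with the lower public value emphasizes the first
    # half, the other end the second, so each side reads out a different one.
    emphasized = 0 if my_pub < their_pub else 1
    return (digest[:20], digest[20:]), emphasized

def render(halves, emphasized):
    """Mark the emphasized half with asterisks, as the printf UI does."""
    return " ".join(f"*{h}*" if i == emphasized else h
                    for i, h in enumerate(halves))

def honest_session():
    """Both ends share one DH exchange: same halves, opposite emphasis."""
    a, A = dh_keypair()
    b, B = dh_keypair()
    return session_id(a, A, B), session_id(b, B, A)

def intercepted_session():
    """An interceptor who can forge the signatures (stolen private keys) still
    has to run a separate DH exchange with each end, so the hashes differ."""
    a, A = dh_keypair()
    b, B = dh_keypair()
    _, M1 = dh_keypair()   # interceptor's public value shown to the first user
    _, M2 = dh_keypair()   # interceptor's public value shown to the second user
    return session_id(a, A, M1), session_id(b, B, M2)

if __name__ == "__main__":
    for name, scenario in (("honest", honest_session),
                           ("intercepted", intercepted_session)):
        (h1, e1), (h2, e2) = scenario()
        print(name, "|", render(h1, e1), "|", render(h2, e2),
              "| match:", h1 == h2)
```

In the honest run both ends print the same two halves with the asterisks on opposite halves; in the intercepted run the halves differ, which is what reading them out over a voice call would reveal.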