[OTR-dev] OTR using PAKE and for group chat

Ian Goldberg ian at cypherpunks.ca
Fri Feb 19 07:31:31 EST 2010

On Thu, Feb 18, 2010 at 06:42:33PM +0100, Louis Granboulan wrote:
> Dear all,
> I would like to add to an instant messenging framework an end-to-end
> password-based security layer. Therefore, instead of relying on a accepting
> a public key like OTR, the authentication would rely on a shared password
> (cf. http://en.wikipedia.org/wiki/Password-authenticated_key_agreement )
> It appears that instead of re-doing everything from scratch, a better way
> might be to add this possibility to the already existing OTR framework.
> However, this would imply some important changes to the OTR library, by
> adding a non-OTR protocol, and I would like to know if these changes can go
> mainstream when the implementation would be stable.
> Moreover, I would like to extend the PAKE security to group PAKE if the
> encryption is started within a multi-user group chat. I did not see any
> discussion on how to interface the OTR library with group chat.

OTR already has a mechanism for authenticating with a shared secret.
Can you describe the advantages of your proposal over that?

As for group chat, it's work in progress.  We had a paper a few months
ago in ACM CCS describing a protocol for it, but quite a bit more work
still needs to be done.

   - Ian

More information about the OTR-dev mailing list