[OTR-dev] OTR using PAKE and for group chat

Louis Granboulan louis.granboulan.developer at gmail.com
Tue Mar 2 12:10:21 EST 2010


I did not know that OTR could do authentication using a shared secret,
because I see it in http://www.cypherpunks.ca/otr/Protocol-v2-3.0.0.html

Anyway, password-based authentication is different from shared-key
authentication, because it uses a password of small entropy. The idea is
that enumerating all possible passwords is not feasible on-line, and the
protocol protects against off-line attacks.

Louis

On 19 February 2010 13:31, Ian Goldberg <ian at cypherpunks.ca> wrote:

> On Thu, Feb 18, 2010 at 06:42:33PM +0100, Louis Granboulan wrote:
> > Dear all,
> >
> > I would like to add to an instant messaging framework an end-to-end
> > password-based security layer. Therefore, instead of relying on
> > accepting a public key like OTR, the authentication would rely on a
> > shared password
> > (cf. http://en.wikipedia.org/wiki/Password-authenticated_key_agreement )
> > It appears that instead of re-doing everything from scratch, a better way
> > might be to add this possibility to the already existing OTR framework.
> >
> > However, this would imply some important changes to the OTR library, by
> > adding a non-OTR protocol, and I would like to know if these changes can
> > go mainstream when the implementation would be stable.
> > Moreover, I would like to extend the PAKE security to group PAKE if the
> > encryption is started within a multi-user group chat. I did not see any
> > discussion on how to interface the OTR library with group chat.
>
> OTR already has a mechanism for authenticating with a shared secret.
> Can you describe the advantages of your proposal over that?
>
> As for group chat, it's work in progress.  We had a paper a few months
> ago in ACM CCS describing a protocol for it, but quite a bit more work
> still needs to be done.
>
>   - Ian