[OTR-dev] OTR using PAKE and for group chat
Paul Wouters
paul at cypherpunks.ca
Tue Mar 2 18:37:21 EST 2010
On Tue, 2 Mar 2010, Ian Goldberg wrote:
> See http://www.cypherpunks.ca/otr/Protocol-v2-3.1.0.html (the current
> version). It's the "Socialist Millionaires' Protocol" (SMP).
> OTR's shared secret authentication indeed protects against offline
> attacks. The SMP yields a joint computation of w^{x-y} (mod a big
> prime), where x and y are the parties' secrets, and w is a random number
> known to nobody. If x = y, this equals 1, and if x \not= y, this is a
> random number which leaks no information about x or y, even if you know
> the other one. It's meant to be used exactly in the low-entropy
> scenario.
Does anyone know why Adium still does not support that?
Paul
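The computation of w^{x-y} described in the quoted text, as an added Python sketch that is not part of this message or of OTR's code. It assumes a toy 66-bit safe prime found at import time and a simplified SHA-256 secret derivation, and it omits the zero-knowledge proofs that OTR's SMP messages carry; all function and variable names are illustrative.

```python
import hashlib
import secrets

BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n):
    """Miller-Rabin; these bases give an exact answer for n < 3.18e23."""
    if n < 2:
        return False
    for b in BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

# Toy parameters (constructed): first safe prime P = 2Q + 1 with Q > 2**64.
Q = 2**64 + 1
while not (is_prime(Q) and is_prime(2 * Q + 1)):
    Q += 2
P, G = 2 * Q + 1, 4  # 4 is a square, so it generates the order-Q subgroup

def secret(passphrase):
    """Map a low-entropy passphrase to an exponent (simplified assumption)."""
    return int.from_bytes(hashlib.sha256(passphrase.encode()).digest(), "big") % Q

def smp_result(x, y):
    """Simulate both sides of the exchange; returns w^(x-y) mod P."""
    rnd = lambda: secrets.randbelow(Q - 1) + 1
    a2, a3, r = rnd(), rnd(), rnd()   # Alice's ephemeral exponents
    b2, b3, s = rnd(), rnd(), rnd()   # Bob's ephemeral exponents
    g2 = pow(pow(G, a2, P), b2, P)    # two Diffie-Hellman exchanges
    g3 = pow(pow(G, a3, P), b3, P)
    Pa, Qa = pow(g3, r, P), pow(G, r, P) * pow(g2, x, P) % P   # Alice sends
    Pb, Qb = pow(g3, s, P), pow(G, s, P) * pow(g2, y, P) % P   # Bob sends
    ratio = Qa * pow(Qb, -1, P) % P   # G^(r-s) * g2^(x-y)
    Rab = pow(pow(ratio, a3, P), b3, P)   # each side applies its own a3 / b3
    return Rab * pow(Pa * pow(Pb, -1, P) % P, -1, P) % P  # Rab / (Pa/Pb)
```

Here w = g2^(a3*b3), which neither party can compute alone. With equal secrets the result is always 1; with unequal secrets it is a fresh random-looking value on every run, so a failed attempt gives no material for an offline guess.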