[OTR-dev] Is "Version rollback" attack fixed in 4.0?

Ian Goldberg ian at cypherpunks.ca
Tue May 8 17:53:47 EDT 2012

On Mon, May 07, 2012 at 04:44:26PM +0000, Ague Mill wrote:
> Hi!
> I am glad to see OTR development (visibly) moving foward again! :)
> From a quick look at commit logs in libotr repository, I have not
> been able to figure out if the future version 4.0 is still vulnerable to
> the "Version rollback" attack that was described in the paper
> "Finite-State Security Analysis of OTR Version 2" [1] by Joseph Bonneau
> and Andrew Morrison.
> [1] http://www.jbonneau.com/OTR_analysis.pdf
> Has this been fixed already? And if it has not, would it be hard to
> prevent two clients to switch back to an earlier version of the
> protocol?
> Thanks,
> -- 
> Ague

I actually wouldn't mind just removing support for v1 entirely.  I don't
know of any v1-only clients out there.  Does anyone else?

Then it would just be a matter of removing OTRL_POLICY_ALLOW_V1 from the
macros in proto.h.

   - Ian

More information about the OTR-dev mailing list