[OTR-dev] otr dh key encryption

Ileana ileana at fairieunderground.info
Tue Feb 19 13:23:17 EST 2013


On Tue, 19 Feb 2013 11:36:36 +0100
Kjell Braden <kb at pentabarf.de> wrote:

> On 2013-02-19 05:51, Ileana wrote:
> > Any other comments or additional details are appreciated.
> 
>   In your blog post you mention OTR does DH on the 1536-bit prime
> group. It looks like you swapped it in the comparison table.
>   Same goes for the Proof of Communication.

Thanks, will fix.
> 
>   Also, you confuse two different concepts of authentication:
>   Every OTR session uses cryptographic authentication. If you
> previously marked a key as trusted (i.e. you know it belongs to the
> reported owner), OTR will flag it as trusted again if you come back
> later to the same DSA key.

OK...well this has been a confusion for me.  Again, I would like some
kind of diagram here...because I know OTR compares the fingerprints (or
allows for comparison).  That seems like authentication to me...a
constant fingerprint.  So OTR also creates and stores a DSA key to be
used for authentication?  I thought ElGamal or RSA was supposed to be
used...but beyond that it's over my head due to vulnerabilities with DSA
auth.

But to be honest, I don't use OTR this way.  I manually use new login
names, and delete all the old keys so every time I connect it generates
a new key.

Am I right to assume that this DSA hash authentication is actually done
within the encrypted tunnel of dh/aes?  My concern is that such
signature exchanges in the clear would be subject to traffic analysis.



>   Claiming that torchat had automatic authentication while OTR used
> manual authentication is misleading, because the same manual
> authentication appears in torchat by exchanging the hidden service
> address (see Gregory's post).
> 

I believe the difference is that this is not really a normal
authentication as is done...it is a manual inspection of the
fingerprint, and marking it as trusted, rather than the Tor software
which internally authenticates the hidden service for you.