[OTR-dev] otr dh key encryption
ileana at fairieunderground.info
Tue Feb 19 13:23:17 EST 2013
On Tue, 19 Feb 2013 11:36:36 +0100
Kjell Braden <kb at pentabarf.de> wrote:
> On 2013-02-19 05:51, Ileana wrote:
> > Any other comments or additional details are appreciated.
> In your blog post you mention OTR does DH on the 1536bit prime
> group. It looks like you swapped it in the comparison table.
> Same goes for the Proof of Communication.
Thanks, will fix.
> Also, you confuse two different concepts of authentication:
> Every OTR session uses cryptographic authentication. If you
> previously marked a key as trusted (ie. you know it belongs to the
> reported owner), OTR will flag it as trusted again if you come back
> later to the same DSA key.
OK...well this has been a confusion for me. Again, would like some
kind of diagram here...because I know OTR compares the fingerprints (or
allows for comparison). That seems like authentication to me...A
constant fingerprint. So OTR also creates and stores a DSA key to be
used for authentication? I thought El/gamel or RSA was supposed to be
used...but beyond that its over my head do to vulnerabilities with DSA
But to be honest, I don't use OTR this way. I manually use new login
names, and delete all the old keys so every-time I connect it generates
a new key.
Am I right to assume that this DSA hash authentication is actually done
within the encrypted tunnel of dh/aes? My concern is that such
signature exchanges in the clear would be subject to traffic analysis.
> Claiming that torchat had automatic authentication while OTR used
> manual authentication is misleading, because the same manual
> authentication appears in torchat by exchanging the hidden service
> address (see Gregory's post).
I believe the difference is that this is not really a normal
authentication as is done...it is a manual inspection of the
fingerprint, and marking it as trusted, rather then the tor software
which internally authenticates the hidden service for you.
More information about the OTR-dev