[OTR-dev] Extra symmetric key

Dev Random c1.otr-dev at niftybox.net
Mon Jan 14 00:05:30 EST 2013


Hi all,

I plan to use the Type 8 TLV / extra symmetric key in the Gibberbot
project, but I am puzzled by the description in the OTRv3 spec.

TLVs are already encrypted inside the message envelope.  What is then
the function of the additional key h2(0xFF)?  Since the message is
already encrypted with a related key - h1(), there seems to be no added
security from another layer of encryption.

Could the Type 8 TLV data be used as is (without using h2(0xFF) to encrypt)?

I also note that the libotr4 implementation of otrl_message_symkey
doesn't do any encryption on sending, and only provides h2(0xFF) as a
callback, but doesn't do decryption.

--
Miron / devrandom




More information about the OTR-dev mailing list