[OTR-dev] hooking into otr-pidgin
Ian Goldberg
ian at cypherpunks.ca
Tue Oct 22 08:10:10 EDT 2013
On Tue, Oct 22, 2013 at 12:07:58AM +0200, Moritz Warning wrote:
> is it possible to find out when an authentication fails
> because there might be an imposter?
>
> I might have a number of ip address and like to
> automatically try a different available ip address
> when one doesn't work out.
>
> A possibility would be for the protocol plugin
> to send the other side a cryptographic challenge.
> But for this the protocol would need to be able
> to encrypt/decrypt some data using the otr-purple keys.
>
> Maybe someone has an idea how this could be done.
Do you mean at the AKE phase, or at the SMP phase? I think you mean at
the AKE phase; there, the only notion of identity is the public key
provided (at connection time) by your buddy. That public key is used in
a cryptographic protocol (SIGMA) to ensure your buddy does indeed
possess the private key. Then it's up to you to check if that public
key is the one you expect.
- Ian
More information about the OTR-dev
mailing list