[OTR-dev] Question: Is OTR end to end encrypting ?
chris at chatsecure.org
Mon Mar 3 14:09:22 EST 2014
OTR is end-to-end but requires users to verify their contact's fingerprints
to prevent active MITM attacks
On Mon, Mar 3, 2014 at 5:19 AM, Randolph <rdohm321 at gmail.com> wrote:
> one simple question about OTR, when I use OTR, then encryption is done
> between user and user or client and server?
> So is the way: UserclientA->Server1->Server2->userclientB is secured end
> to end?
> OTR means D/H Exchange, what about the possible human beeing in the midde
> attack, that server 2 is sending back a faked key and pretends to be
> userclientB ?
> Plans OTR to implement an end to end key, that is sent over an otr
> connections, so that asymmetric encryption can be switched to symmetric
> That way even clients could participate, which have not otr implemented
> (by giving the end to end key over seperate channel, not otr)
> OTR-dev mailing list
> OTR-dev at lists.cypherpunks.ca
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OTR-dev