[OTR-dev] Question: Is OTR end to end encrypting ?
Randolph
rdohm321 at gmail.com
Mon Mar 3 14:13:49 EST 2014
thanks, so a MAC key is currently not implemented?
http://en.wikipedia.org/wiki/Message_authentication_code
2014-03-03 20:09 GMT+01:00 Chris Ballinger <chris at chatsecure.org>:
> OTR is end-to-end but requires users to verify their contact's
> fingerprints to prevent active MITM attacks
>
>
> On Mon, Mar 3, 2014 at 5:19 AM, Randolph <rdohm321 at gmail.com> wrote:
>
>> Hello
>> one simple question about OTR, when I use OTR, then encryption is done
>> between user and user or client and server?
>>
>> So is the way: UserclientA->Server1->Server2->userclientB is secured end
>> to end?
>>
>> OTR means D/H Exchange, what about the possible human beeing in the midde
>> attack, that server 2 is sending back a faked key and pretends to be
>> userclientB ?
>>
>> Plans OTR to implement an end to end key, that is sent over an otr
>> connections, so that asymmetric encryption can be switched to symmetric
>> encryption?
>>
>> That way even clients could participate, which have not otr implemented
>> (by giving the end to end key over seperate channel, not otr)
>>
>> Regards
>>
>> _______________________________________________
>> OTR-dev mailing list
>> OTR-dev at lists.cypherpunks.ca
>> http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cypherpunks.ca/pipermail/otr-dev/attachments/20140303/cc530842/attachment.html>
More information about the OTR-dev
mailing list