[OTR-users] OTR - AKE v2
CLAY SHENTRUP
CLAY at BROKENLADDER.COM
Fri Mar 24 03:54:49 EST 2006
On 3/19/06, Ian Goldberg <ian at cypherpunks.ca> wrote:
>
> 1: A -> B: H(g^x), E(r, g^x), where r is a random symmetric key
> 2: B -> A: g^y
> 3: A -> B: r, "A", Sign...
> 4: ...
>
> Alice sends the value of g^x in the first message, but encrypts it with a
> random key. She then reveals the key in message 3, which is equivalent
> to revealing the value of g^x. The 128-bit r is much smaller than the
> 1500+ bit Diffie-Hellman exponent g^x, and this way message 3 *just*
> squeaks by under the message size limits. Welcome to real-world
> security protocol engineering!
You are a kinder, more tolerant man than I. I have to admit, I'd be
ignoring any protocol but Jabber.
CLAY
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cypherpunks.ca/pipermail/otr-users/attachments/20060324/05391d02/attachment.html>
More information about the OTR-users
mailing list