[OTR-users] new user, comments on authentication

Ian Goldberg ian at cypherpunks.ca
Mon Nov 26 18:41:47 EST 2007


On Mon, Nov 26, 2007 at 10:31:47AM -0500, Gregory Maxwell wrote:
> My past somewhat negative comments on this approach were not intended
> to claim that it isn't secure.  Rather I was disappointed that OTR
> wouldn't also use the shared secret to increase resistance to any
> possible future DH weakness.  However, if DH is found to be
> substantially weaker than expected OTR will probably be the last of
> our problems...

Indeed, if DH is weak, we're pretty much hosed all around.  The other
problem is that requiring the shared secret to be entered before the
first DH was calculated would have been bad for UI, and prevented
agreement on the secret.

As for normalization: that's hard to do when you don't know what the
users will be entering.  But the users can say (in-band) "that
restaurant we went to that time, all lowercase, no spaces".

   - Ian



More information about the OTR-users mailing list