[OTR-users] mpOTR: detecting manipulations to the random contributions of SessionID()

Christoph A. casmls at gmail.com
Fri Aug 27 11:37:08 EDT 2010


Hi,

I would have another question regarding which function detects
manipulations of the random contributions to generate the unique session
id (sid), and if it is necessary that Attest() checks for manipulations
of the sid.

http://www.cypherpunks.ca/~iang/pubs/mpotr.pdf
chapter 4.2
"
If the adversary has manipulated
the random contributions (x), it will be detected during the
Attest() algorithm executed at the end of Initiate() when
sidi and any other unauthenticated parameters paramsi are
authenticated.
"

A manipulation of x would result in differing sids - assuming H() is
collision resistant.
Alice would generate sid, while B generates sid' (sid!=sid').
If sids are differing, AuthUser() will fail. If AuthUser() fails the
session initiation is aborted before reaching Attest().

Isn't it the case that the random contributions (x) are therefore
indirectly authenticated by DSKE()/AuthUser() and not by Attest()?

If you can not reach Attest() if one of the random contributions was
manipulated you may omit the verification of sid within Attest().

But unfortunately this doesn't give you any benefit as I guess the
calculation of H(params) will not be faster then H(sid, params), because
the sid is only 256 bit long(?).


kind regards,
Christoph


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 163 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cypherpunks.ca/pipermail/otr-users/attachments/20100827/a39f1732/attachment.pgp>


More information about the OTR-users mailing list