[OTR-users] mpOTR: replay attacks from insiders

Christoph A. casmls at gmail.com
Sun Aug 29 16:32:44 EDT 2010


Hi,

sorry to bother you again with mpOTR stuff, let me know if there is a
better place to discuss mpOTR related questions.
http://www.cypherpunks.ca/~iang/pubs/mpotr.pdf

Example:
Alice's view of a chat session:

1 Charlie: Alice, go ahead ask your questions.
2 Alice: Do you like ice [y/n]?
3 Bob: y
4 Alice: Do you like soccer [y/n]?
5 Bob: y


Line 5: Bob actually doesn't like soccer and answered with 'n' but
Charlie dropped that message and replayed Bob's message from line 3
instead. For Alice line 5 looks ok because Bob's signature was
successfully validated.

If I understand AuthSend() - defined in algorithm 5 - correctly, it does
not contain any counter that would prevent such a replay attack.
Is that correct or did I miss something that prevents already such an
attack? (beside the consensus check in shutdown())

kind regards,
Christoph
--
A per participant message counter included in sign() could prevent such
a replay attack from an insider. e.g.: o = sign(sid, C, msgctr)






-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 163 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cypherpunks.ca/pipermail/otr-users/attachments/20100829/b4c416c1/attachment.pgp>


More information about the OTR-users mailing list