[OTR-users] mpOTR: replay attacks from insiders
Gregory Maxwell
gmaxwell at gmail.com
Sun Aug 29 16:46:11 EDT 2010
On Sun, Aug 29, 2010 at 4:32 PM, Christoph A. <casmls at gmail.com> wrote:
[snip]
> If I understand AuthSend() - defined in algorithm 5 - correctly, it does
> not contain any counter that would prevent such a replay attack.
> Is that correct or did I miss something that prevents already such an
> attack? (beside the consensus check in shutdown())
I initially replied "The consensus check" but then saw you mentioned that.
I'm not an mpOTR designer, so perhaps there is some other protection
there that I'm missing... But this was how I understood the operation
of the protocol. Do you think that the consensus check is inadequate?
More information about the OTR-users
mailing list