[OTR-users] Question About OTR Security

rookcifer rookcifer at gmail.com
Tue Apr 24 05:10:11 EDT 2012


I saw a paper entitled "Finite-State Security Analysis of OTR Version 2"
by two researchers at Stanford.  In the paper they describe a couple of
potential security flaws with OTR.  From the abstract:

"In this paper we describe the results of a finite-state security
analysis of the OTR protocol. In addition to finding several
security issues in the process of modeling the protocol, our
model has discovered security problems in both the authenticated
key exchange and data exchange phases of the protocol. The
security problem during data exchange leads to an attack where by
an active attacker can modify a message without detection by
either party or disruption of the protocol. In addition to
describing the attacks found, we describe possible solutions
where appropriate."

So my question is: have these attacks been addressed, and has the advice
of the paper's authors (in relation to strengthening of the protocols)
been applied?




