[OTR-users] question on Authenticated Key Exchange (AKE)
ix4svs at gmail.com
ix4svs at gmail.com
Sat May 5 07:01:38 EDT 2012
I recently got a question on a blog post that talks a little bit about
OTR usage. The question concerned initial key exchange.
[QUESTION]
... I noticed on the chat history in browser that even before the
first encrypted message is sent, the accounts exchanged some random
large string of text and numbers. Much like the subsequent encrypted
chats. My question is: was the first exchange the key used for
encryption? Because Google has that text, can they decrypt the chats?
[/QUESTION]
[MY ANSWER]
Quick answer: No and no.
Longer answer: I’m not a cryptographer, but the protocol description
and the levels of trust I have for the people who designed the
protocol compel me to answer “no, that first exchange was not the key
used for encryption” (since OTR does not use symmetric crypto anyway,
but rather Diffie/Hellman aka asymmetric aka public-key cryptography).
See http://www.cypherpunks.ca/otr/Protocol-v2-3.1.0.html for a
high-level description of the steps taken for the Authenticated Key
Exchange (AKE) and
https://en.wikipedia.org/wiki/Off-the-Record_Messaging#Implementation
for an overview of the protection you get with OTR.
It’s not just public crypto – it also provides deniability (i.e. your
messages are not digitally signed by you) and perfect forward secrecy
(i.e. even successful cryptanalysis of one of your messages does not
compromise your other messages).
OTR is pretty serious crypto, with a solid theoretical background and
well-respected people implementing and improving the protocol and
implementations.
[/MY ANSWER]
Can someone who really knows how AKE works please verify that the
answer is not inaccurate/misleading?
Context: https://apapadop.wordpress.com/2012/04/15/stop-google-recording-your-chats/#comments
Thanks
Alex
More information about the OTR-users
mailing list