[OTR-users] How is OTR messaging with Socialist Millionaire Protocol (SMP) protected from Man In The Middle?

Marin Dzhigarov moder at abv.bg
Tue Aug 20 08:56:43 EDT 2013


 Hello all,

I'm working on a OTR/SMP related problem and I would appreciate anything to help me better understand how OTR/SMP works.

Imagine the next situation:

Alice wants to initiate OTR instant messaging session with Bob but Joe is Man In The Middle.

Alice negotiates a shared secret 'X' with Joe (thinking he is Bob) using Diffie-Hellman.

Joe negotiates another shared secret 'Y' with Bob(Bob is thinking that he is negotiating with Alice) using Diffie-Hellman.

Now Alice and Bob both know that they have established the so called "unverified OTR session", meaning that they are encrypted but none of them have verified their identities (none of them know about the existence of Joe).

So from what I understand, the Socialist Millionaire Protocol is supposed to be the solution of this problem. Alice has to match her shared secret 'X' with Bob's 'Y' and if they don't match - they will know that they have someone (Joe) in the middle, haven't they?

Anyway... Obviously X != Y because Joe is in the middle.

Now, I think I understand the steps in the Socialist Millionaire Protocol but still... I can't see what is stopping Joe from pretending in front of Alice that he is indeed Bob and use SMP to match with her their shared secret 'X' (which they both know)?

Am I missing something? What is the thing that makes OTR with SMP protected from MitM?

Any help would be appreciated!

Thanks in advance!

Regards, 
Marin

-----------------------------------------------------------------
Само сега спечели смартфон SAMSUNG и още много награди!виж
http://www.specheli.eu/specheli-textgbg.php



More information about the OTR-users mailing list