[OTR-users] Question-/Answer authentication - Possible improvement

Ian Goldberg ian at cypherpunks.ca
Tue Dec 10 09:39:44 EST 2013


On Tue, Dec 10, 2013 at 03:34:09PM +0100, Daniel Brendle wrote:
> Hello, OTR-people
> 
> 
> //Edit. As I read through my email again, I recognized that it would be
> more readable to write "person A" for the person who wants to
> authenticate someone by question-and-answer and "person B" for the
> person who is to answer the secret question.
> 
> I have a question regarding the question/answer authentication process
> in OTR. It often happens that my friends, whom I try to convince to
> use OTR, and I end up doing the authentication several times because of
> mere typos or upper-/lowercase stuff. In other cases, person B knows the
> right answer to the question but expresses it in another manner than
> person A, who asked the question, expected.
> 
> If I understand OTR right, the communication (including the
> verification process) is already done under the protection of
> encryption.
> Wouldn't it be possible to send the question to person B, wait for the
> answer and let person A interpret the result, not the machine, without
> losing strength of security?
> 
> As I see it, it would even increase security as well as usability:
> 
> 1. We could utilize much more complicated questions that require much
> more complicated answers, which, as it is currently done, is
> impossible because of differences between person A's and person B's
> versions.
> 2. It would increase usability of OTR and thereby acceptance by more
> normal, non-geeky people.
> 
> Maybe I am missing something. Why is OTR not working the way I
> described?
> 
> Regards, Grindhold
> 
> Kudos to the OTR-Devs. You are doing marvellous work. 

Unfortunately, that would be fatal to security.  The purpose of the
authentication protocol is to distinguish the case where Alice is
talking directly to Bob over an encrypted channel (the desired case)
from the case where Alice is talking to an eavesdropper over an
encrypted channel, and the eavesdropper forwards the messages to Bob
over another encrypted channel (the man-in-the-middle case).  See
https://otr.cypherpunks.ca/help/4.0.0/levels.php for a picture.

If Bob just typed his answer and it was sent to Alice, then in the
second case, the eavesdropper would *also* see the answer, and indeed
Alice would accept the answer.  This would be very bad.

What I typically do is ask the question, and also put something like "(2
words, all lowercase)" at the end of the question.

   - Ian
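To make the distinction in Ian's answer concrete, here is an added example in Python. It is not OTR's code: OTR's actual mechanism is the Socialist Millionaire Protocol (SMP) in libotr, which uses the 1536-bit MODP group and attaches a zero-knowledge proof to every message; this toy omits the proofs and finds a 62-bit safe prime at import time so it runs in milliseconds. What it keeps is the part that matters for the thread: the value each side compares is not the typed answer itself but the answer bound to that session's two fingerprints and secure session id, and the exchange reveals only match/no-match. So when Eve relays the SMP messages between her session with Alice and her session with Bob, the comparison fails even though Bob typed the right answer, whereas a typed answer sent in the clear would be read by Eve and accepted by Alice. The same mechanism is why "fluffy bunny" and "Fluffy Bunny" do not match, which is the typo problem the question raised. The fingerprints and SSIDs are constructed values for the demo, and the SHA-256 derivation of the secret is a simplified encoding of the one in the OTR spec.

```python
import hashlib
import random

# Toy group: the first safe prime p = 2q+1 above 2^62, found deterministically.
# Real OTR uses the 1536-bit MODP group; a 62-bit group is NOT secure.
_BASES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]

def is_prime(n):
    """Miller-Rabin with fixed bases; deterministic for n < 3.3e24."""
    if n < 2:
        return False
    for b in _BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def safe_prime_above(start):
    """Smallest odd q >= start with q and 2q+1 prime; returns (p, q)."""
    q = start | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q

P, Q = safe_prime_above(1 << 62)
G1 = 4  # a quadratic residue mod p, hence a generator of the order-q subgroup

def smp_secret(initiator_fp, responder_fp, ssid, answer):
    """The value actually compared: the typed answer bound to this session's
    fingerprints and secure session id (simplified encoding, SHA-256)."""
    h = hashlib.sha256(b"\x01" + initiator_fp + responder_fp + ssid
                       + answer.encode()).digest()
    return int.from_bytes(h, "big") % Q

def run_smp(x, y, rng):
    """SMP core between Alice (holding x) and Bob (holding y), without the
    zero-knowledge proofs. Returns (alice_accepts, bob_accepts)."""
    inv = lambda v: pow(v, -1, P)
    # Alice -> Bob: g1^a2, g1^a3
    a2, a3 = rng.randrange(1, Q), rng.randrange(1, Q)
    g2a, g3a = pow(G1, a2, P), pow(G1, a3, P)
    # Bob -> Alice: g1^b2, g1^b3, Pb = g3^r, Qb = g1^r * g2^y
    b2, b3, r = (rng.randrange(1, Q) for _ in range(3))
    g2b, g3b = pow(G1, b2, P), pow(G1, b3, P)
    g2_bob, g3_bob = pow(g2a, b2, P), pow(g3a, b3, P)  # g2 = g1^(a2 b2), g3 = g1^(a3 b3)
    Pb = pow(g3_bob, r, P)
    Qb = pow(G1, r, P) * pow(g2_bob, y, P) % P
    # Alice -> Bob: Pa = g3^s, Qa = g1^s * g2^x, Ra = (Qa/Qb)^a3
    s = rng.randrange(1, Q)
    g2_alice, g3_alice = pow(g2b, a2, P), pow(g3b, a3, P)
    Pa = pow(g3_alice, s, P)
    Qa = pow(G1, s, P) * pow(g2_alice, x, P) % P
    Ra = pow(Qa * inv(Qb) % P, a3, P)
    # Bob -> Alice: Rb = (Qa/Qb)^b3. Both check (Qa/Qb)^(a3 b3) == Pa/Pb,
    # which holds iff g2^((x-y) a3 b3) == 1, i.e. iff x == y.
    Rb = pow(Qa * inv(Qb) % P, b3, P)
    expected = Pa * inv(Pb) % P
    return pow(Rb, a3, P) == expected, pow(Ra, b3, P) == expected

# Constructed session data for the demo.
FP_ALICE, FP_BOB, FP_EVE = b"fp-alice", b"fp-bob", b"fp-eve"

def direct_session(alice_answer, bob_answer, seed=1):
    """One session between Alice and Bob; each types their own answer."""
    ssid = b"ssid-alice-bob"
    x = smp_secret(FP_ALICE, FP_BOB, ssid, alice_answer)
    y = smp_secret(FP_ALICE, FP_BOB, ssid, bob_answer)
    return run_smp(x, y, random.Random(seed))

def relayed_session(answer, seed=1):
    """Man-in-the-middle: Alice's session is with Eve, Bob's is with Eve.
    Eve forwards every SMP message unchanged and both type the same answer,
    but the fingerprints and SSIDs bound into x and y differ."""
    x = smp_secret(FP_ALICE, FP_EVE, b"ssid-alice-eve", answer)
    y = smp_secret(FP_EVE, FP_BOB, b"ssid-eve-bob", answer)
    return run_smp(x, y, random.Random(seed))

if __name__ == "__main__":
    print("direct, same answer:   ", direct_session("fluffy bunny", "fluffy bunny"))
    print("direct, case differs:  ", direct_session("fluffy bunny", "Fluffy Bunny"))
    print("relayed through Eve:   ", relayed_session("fluffy bunny"))
```

Run it and the first case reports (True, True), the other two (False, False). Eve, relaying or guessing, only ever learns whether one candidate matched, which is why OTR can afford a low-entropy answer like "2 words, all lowercase" but not a plaintext reply.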