[OTR-users] Question-/Anwer authentication - Possible improvement

Ximin Luo infinity0 at gmx.com
Wed Dec 11 06:30:29 EST 2013 

Whether people do OTR "authentication" (key validation is the more universal
term) properly, is not dependent on how technical they are, but by how much
they care about their security. I know plenty of non-techie activists who do it
properly, because they care. Likewise, I know plenty of techies that don't do
it, because they don't care, even though they fully understand the implications
of not doing so.

IMO the reluctance of certain techies to follow security protocols carefully,
sets a bad example for ordinary users. Typically, they say they cannot be
bothered to perform a minor manual task on the basis of "it should be done by
the computer". But MITM protection will *always require* some manual step,
otherwise it is susceptible to the attacker guessing what the automatic part
would have been. It is a human logistics problem, not a computer science problem.

Sure, tools ought to be as convenient as possible, but if you're the user and
you don't have a more convenient tool, you ought to use it properly. If not,
then at least explain to the user that this is bad for security. The Germans
lost WWII because of crappy key management practises.

X

On 11/12/13 10:31, Jan Wort wrote:
> 
> Sadly I don't have a great idea to solve the problem either, but I experienced
> similar problems (and solutions)  with authentication. I used as well the "2
> Words, all lowercase"-like workaround, nevertheless I and the other person
> often failed. The best way I found is to set up the authentication in real live
> and to tell "now write [these characters]".
> It is a great improvement to have the shared answer-question instead of having
> to read the keys itself. But at least in my experience  authentication is not
> done even by technology and security-wise actually well educated individuals.
> E.g. most computer scientists I know have not done it (but use the encryption
> part of OTR), not to speak of "non-nerds" who don't understand at all what I
> want them to do and who are not very enthusiastic anymore once we failed 1 or 2
> times to get the shared secret answer right.
> - Jan
> 
> 
> Ian Goldberg <ian at cypherpunks.ca> schrieb am 15:43 Dienstag, 10.Dezember 2013:
> On Tue, Dec 10, 2013 at 03:34:09PM +0100, Daniel Brendle wrote:
>> Hello, OTR-people
>>
>>
>> //Edit. As i read through my email again, i recognized that it would be
>> more readable writing "person A" for the person that wants to
>> authenticate someone by question-and-answer and "person B" for the
>> person who is to answer the secret question.
>>
>> I have a question regarding the question/answer-authentication-process
>> in OTR. It often happens, that me and friends, who i try to convince to
>> using OTR end up doing the authentication several times because of mere
>> typos or upper-/lowercase stuff. In other cases, person B knows the
>> right answer to the question but expresses it in an other manner that
>> person A the question expected.
>>
>> When i understand OTR right, the communication (also the
>> verification-process) is already done under the protection of
>> encryption.
>> Wouldn't it be possible to send the question to person B, wait for the
>> answer and let person A interpret the result, not the machine, without
>> losing strength of security?
>>
>> As i see it, it would even increase security as well as usability:
>>
>> 1. We could utilize much more complicated questions that require much
>> more complicated answers, which were, as it currently is done,
>> impossible to do because there are differences in the version of person
>> A and person B.
>> 2. It would increase usability of OTR and thereby acceptance by more
>> normal not-geeky people.
>>
>> Maybe i am missing something. Why is OTR not working the way i
>> described?
>>
>> Regards, Grindhold
>>
>> Kudos to the OTR-Devs. You are doing marvellous work.
> 
> Unfortunately, that would be fatal to security.  The purpose of the
> authentication protocol is to distinguish the case where Alice is
> talking directly to Bob over an encrypted channel (the desired case)
> from the case where Alice is talking to an eavesdropper over an
> encrypted channel, and the eavesdropper forwards the messages to Bob
> over another encrypted channel (the man-in-the-middle case).  See
> https://otr.cypherpunks.ca/help/4.0.0/levels.php
> <https://otr.cypherpunks.ca/help/4.0.0/levels.php>for a picture.
> 
> If Bob just typed his answer and it was sent to Alice, then in the
> second case, the eavesdropper would *also* see the answer, and indeed
> Alice would accept the answer.  This would be very bad.
> 
> What I typically do is ask the question, and also put something like "(2
> words, all lowercase)" at the end of the question.
> 
>   - Ian
> 
> _______________________________________________
> OTR-users mailing list
> OTR-users at lists.cypherpunks.ca <mailto:OTR-users at lists.cypherpunks.ca>
> http://lists.cypherpunks.ca/mailman/listinfo/otr-users
> 
> 
> 
> 
> _______________________________________________
> OTR-users mailing list
> OTR-users at lists.cypherpunks.ca
> http://lists.cypherpunks.ca/mailman/listinfo/otr-users
> 


-- 
GPG: 4096R/1318EFAC5FBBDBCE
git://github.com/infinity0/pubkeys.git

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cypherpunks.ca/pipermail/otr-users/attachments/20131211/74222f15/attachment.pgp>

More information about the OTR-users mailing list