[OTR-users] OTR mentioned in Snowden documents?

Mike Minor mike at firstworldproblems.com
Fri Sep 6 12:46:52 EDT 2013


On Sep 6, 2013, at 8:51 AM, Viktor Stanchev <me at viktorstanchev.com> wrote:

> When using Cryptocat I often find myself validating the fingerprint using another channel, for example Facebook over HTTPS, thinking it's non-trivial for a man-in-the-middle attack to work or that no one cares what I'm saying anyway. If that channel is compromised, an attacker can make sure that the fingerprints sent are altered for both users and it wouldn't be suspicious at all. This lets them conduct a man-in-the-middle attack. Maybe the NSA automated this process for all insecure channels.
> 
> -Viktor 

Occam's razor would tell us your hypothesis in explaining the NSA claim should be one of the least plausible due to the number of assumptions one would need to make.

No doubt, an adversary might take such exceptional steps to MITM a very high value target. However, such a complex attack for mass surveillance is unlikely, I believe.




