[OTR-users] Does OTR cache authentication questions?
Pete Stephenson
pete at heypete.com
Tue Sep 10 06:47:02 EDT 2013
Hi all,
I just ran into an interesting situation with a friend of mine. We
both use OTR 4.0.0-1 for Pidgin/libpurple 2.10.7 on Windows 7 64-bit.
A month or two ago we tried authenticating using the
question-and-answer method. For some unknown reason, one particular
authentication question never made it from my system to his, so I hit
cancel. An hour or so later I tried again and the authentication
worked.
Today, my friend and I were chatting unencrypted, without OTR (he was
using a new system that had Pidgin but not OTR, while I was still
using the same system as I had been before). After a few minutes of
chatting, he installed OTR and I tried authenticating him with the
question-and-answer authentication using a different question than the
one I asked a month or two ago.
Unbeknownst to me, my friend was prompted for the undelivered question
from the session a month or so ago rather than the question I asked
during this session. Naturally, he failed the authentication attempt
since the answer to the undelivered question was different from the
answer to today's question. A second attempt today at
question-and-answer authentication worked correctly.
Does OTR cache authentication questions in case they're not delivered
by the underlying IM service?
Since we both thought this was a bug and wanted to provide a more
detailed bug report we tried replicating the situation but were unable
to successfully do so. Sorry. I suppose we could blame it on cosmic
rays or planetary alignment or something. :)
Cheers!
-Pete
--
Pete Stephenson
More information about the OTR-users
mailing list