[OTR-users] Does OTR cache authentication questions?

Ian Goldberg ian at cypherpunks.ca
Tue Sep 10 16:46:21 EDT 2013 

On Tue, Sep 10, 2013 at 02:45:16PM +0200, Pete Stephenson wrote:
> On Tue, Sep 10, 2013 at 2:24 PM, Ian Goldberg <ian at cypherpunks.ca> wrote:
> > I would normally expect the session keys to have changed by then, and so
> > the (long-delayed) message should have become unreadable by your buddy?
> 
> The long-delayed authentication message was readable by him.
> 
> > Or is it the case that right after you originally sent the auth
> > request, you stopped chatting for a week (but kept your IM clients
> > open)?
> 
> No. I apologize for the confusion. Here's what happened:
> 
> (Chat session a month or two ago)
> 1. My friend and I are chatting in an Unverified OTR-secured session.
> 2. I sent a question-and-answer authentication request to my friend.
> 3. A few minutes elapse without any response to the request. Both of
> us remain online and connected during the time, and we exchange
> several IMs while I'm waiting for him to complete the authentication
> request.
> 4. I IM my friend to inquire if he received the request. He says he
> never received it.
> 5. I send him a new request with a different question.
> 6. He receives the new request, answers the new request correctly, and
> thus authenticates himself to me.
> 
> (Chat session today)
> 1. My friend and I are chatting in an unencrypted, non-OTR-secured
> session. I am using the same computer (with Pidgin/OTR the same as
> before), though I have restarted several times since the previous
> session.

Does "restarted" here mean "stopped and started pidgin", "rebooted the
computer", or something else?

> He is using a new system (same hardware, but he reformatted
> and reinstalled Windows between our last session and today).
> 2. My friend and I wish to chat securely, so he installs OTR,
> generates a new keypair, and we establish an Unverified OTR-secured
> session.

At this point, you cannot possibly be using the same session key as you
were using before.

> 3. We chat for a few minutes over this Unverified session.
> 4. I initiate a question-and-answer authentication request to my friend.
> 5. My friend sees the question from the long-delayed authentication
> request (sent in step 2 in the chat session a month or two ago) but
> does not receive the authentication request I sent in step 4 today.

Sorry, but no way.  That message was encrypted with a key that no longer
exists.  Long-delayed messages on Google XMPP would not explain this
behaviour.

> 6. He answers the long-delayed authentication request. However, since
> the questions and answers in the two requests were different (and my
> client expects the answer to the new request, not the long-delayed
> one) my system says he failed the request.
> 7. He IMs me to ask why, as he correctly answered the long-delayed question.
> 8. After further discussion we discover that he had only seen the
> long-delayed question, not the current one.
> 9. I send him another question-and-answer authentication request (with
> a different question and answer than the long-delayed one and the one
> in step 4). He correctly answers this request and my system shows him
> as verified.

The most likely explanation I can think of is that your friend saw the
authentication dialog box, didn't read it carefully, and just assumed
(and reported to you) that it was the same question as last time, when
in fact it was different.

Could that possibly be the case?

   - Ian

More information about the OTR-users mailing list