[OTR-users] OTR mentioned in Snowden documents?

Ian Goldberg ian at cypherpunks.ca
Thu Sep 12 15:51:21 EDT 2013


On Thu, Sep 12, 2013 at 12:40:09PM -0700, Gregory Maxwell wrote:
> For OTR, however, I don't see how this could result in traffic
> interception unless it was also coupled with MITM (e.g. use a DSA
> attack with duplicated R to recover the user's authentication private
> key, then MITM the DH). If that was going on at any scale we could
> detect it by comparing the session keys on each side.  Sadly, in
> pidgin otr there doesn't appear to be a way to get a fingerprint of
> the current session key.

Securely comparing the session keys with the person you think your buddy
is, is exactly what the SMP does.

There used to be the "secure session id" (a hash of the session key)
exposed, but you'd have to compare it out of band, and No One Does That
(TM).  So now it's compared with the zero-knowledge SMP protocol (along
with the fingerprints at both ends, and the shared secret / answer to
the secret question).

   - Ian
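
Added example, not part of Ian's message or of libotr: a Python sketch of why SMP covers the session-key comparison asked for in the quoted text. It assumes the OTRv3 specification's layout for the secure session id and the SMP secret input, uses constructed fingerprints and DH values, and replaces the zero-knowledge exchange with a direct equality test on the two inputs.

```python
import hashlib
import hmac
import struct

def mpi(n: int) -> bytes:
    # OTR MPI: 4-byte big-endian length, then the minimal big-endian value.
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return struct.pack(">I", len(raw)) + raw

def secure_session_id(s: int) -> bytes:
    # Assumed per OTRv3 spec: first 64 bits of SHA-256(0x00 || MPI(s)).
    return hashlib.sha256(b"\x00" + mpi(s)).digest()[:8]

def smp_input(init_fp: bytes, resp_fp: bytes, ssid: bytes, answer: str) -> bytes:
    # Assumed per OTRv3 spec: SHA-256(0x01 || initiator fp || responder fp || ssid || secret).
    if len(init_fp) != 20 or len(resp_fp) != 20 or len(ssid) != 8:
        raise ValueError("fingerprints are 20 bytes, ssid is 8 bytes")
    data = b"\x01" + init_fp + resp_fp + ssid + answer.encode("utf-8")
    return hashlib.sha256(data).digest()

def smp_would_succeed(side_a: bytes, side_b: bytes) -> bool:
    # Stand-in for the zero-knowledge exchange, which succeeds only on equal inputs.
    return hmac.compare_digest(side_a, side_b)

def constructed_int(label: bytes) -> int:
    # Constructed stand-in for a DH shared secret; not a real key exchange.
    return int.from_bytes(hashlib.sha256(label).digest(), "big")

def demo() -> dict:
    alice_fp = hashlib.sha1(b"constructed alice key").digest()
    bob_fp = hashlib.sha1(b"constructed bob key").digest()
    answer = "name of our first cat"
    # Honest session: both ends derived the same DH secret.
    s = constructed_int(b"alice<->bob")
    honest = smp_would_succeed(
        smp_input(alice_fp, bob_fp, secure_session_id(s), answer),
        smp_input(alice_fp, bob_fp, secure_session_id(s), answer))
    # Scenario from the quoted message: signing keys recovered, DH intercepted.
    # Fingerprints look right on both sides, but each end holds a different s.
    s_alice = constructed_int(b"alice<->interceptor")
    s_bob = constructed_int(b"interceptor<->bob")
    mitm = smp_would_succeed(
        smp_input(alice_fp, bob_fp, secure_session_id(s_alice), answer),
        smp_input(alice_fp, bob_fp, secure_session_id(s_bob), answer))
    return {"honest": honest, "intercepted": mitm}

if __name__ == "__main__":
    print(demo())
```

Because the session id is bound into the compared value, a mismatch in session keys makes SMP fail even when both users type the same answer and see the expected fingerprints.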


