[OTR-users] does authentication depend on secrecy of private key

Greg Reagle reagle at cepr.net
Fri Apr 17 10:18:16 EDT 2015


Hello all.  I have a question about authentication in OTR.  The docs say
"However, once you've authenticated your buddy, you don't have to do it
again. OTR will automatically do the authentication for all of your
future conversations with that buddy." [1]  My understanding is that the
authentication is based on the idea that your buddy has a private key
that no one else has.  So what if you authenticate with your buddy Bob,
then, somehow, Mallory gets access to Bob's computer and gets his secret
key.  Then OTR will continue to say that you are having an authenticated
session with Bob, but it could be Mallory?  Is that right?

[1] https://otr.cypherpunks.ca/help/4.0.0/authenticate.php?lang=en

-- 
Greg Reagle
System & Network Administrator
Center for Economic and Policy Research
reagle at cepr.net
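
The scenario in the question, as an added sketch that is not part of the original post and not OTR's own code: a client that pins a fingerprint after one manual verification and afterwards accepts any peer who proves possession of the matching private key. The toy Schnorr signature and its tiny group stand in for OTR's DSA signature, and the names `check_peer` and `demo`, the keys and the challenge string are all constructed for illustration.

```python
import hashlib

# Toy Schnorr group (constructed, far too small for real use): G has prime order Q mod P.
P, Q = 2267, 103
G = pow(2, (P - 1) // Q, P)

def _h(*parts):
    data = "|".join(str(x) for x in parts).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def public_key(priv):
    return pow(G, priv, P)

def fingerprint(pub):
    # OTR displays a SHA-1 hash of the public key; here the toy key's decimal form is hashed.
    return hashlib.sha1(str(pub).encode()).hexdigest()

def sign(priv, msg):
    k = _h("nonce", priv, msg) or 1        # deterministic, nonzero nonce for a repeatable demo
    e = _h(pow(G, k, P), msg)
    return e, (k + priv * e) % Q

def verify(pub, msg, sig):
    e, s = sig
    r = (pow(G, s, P) * pow(pub, Q - e, P)) % P   # pub has order Q, so pub^(Q-e) == pub^(-e)
    return _h(r, msg) == e

def check_peer(trusted, buddy, pub, challenge, sig):
    """All the client can decide: key possession plus a match with the stored fingerprint."""
    if not verify(pub, challenge, sig):
        return "bad signature"
    if trusted.get(buddy) != fingerprint(pub):
        return "unverified fingerprint"
    return "authenticated"

def demo():
    bob_priv = 42                                       # constructed long-term key
    trusted = {"bob": fingerprint(public_key(bob_priv))}  # stored after one manual verification
    challenge = "session-2"                             # constructed per-session value
    mallory_copy = bob_priv                             # the same key, held by someone else

    def attempt(priv):  # peer presents the public key for `priv` and signs the challenge
        return check_peer(trusted, "bob", public_key(priv), challenge, sign(priv, challenge))

    return {"bob": attempt(bob_priv),
            "stolen key": attempt(mallory_copy),
            "other key": attempt(77)}
```

`demo()` returns "authenticated" for both the original key holder and the holder of the copy, and "unverified fingerprint" for a different key: the check binds to the key, so after a known compromise the stored fingerprint has to be discarded and a new key verified.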

