Hello OTR hackers! I'm a little confused about the forgeability feature.

My understanding of forgeability in OTR is this: Since OTR uses a malleable encryption scheme (AES-CTR), an attacker can use the MAC keys exposed by Alice and Bob to modify a known transcript between Alice and Bob and still have it appear valid, assuming the same length of the messages.

What I would like to know is when this is actually useful. If Eve has somehow gained access to a transcript, would she then not also have gained access to the MAC keys as well? The only ways I see that Eve could have gained access to the transcripts would be if a) she had broken the security of Alice's or Bob's system, b) she would have been informed by Alice or Bob, or c) she would have been able to perform a man-in-the-middle attack. In any of these cases, she would have acquired access to the MAC keys along with the transcript.

Thank you for any clarification that you can give me about this!

Warm regards,
Jon Kristensen

_______________________________________________
OTR-dev mailing list
OTR-dev@lists.cypherpunks.ca
http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
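
The forgeability property described in the message above, as an added example that is not part of the original post and is not OTR's own code: a same-length rewrite of a known message that still verifies, made with only the revealed MAC key. Assumptions: an HMAC-SHA256 counter keystream stands in for AES-CTR (any XOR stream cipher is malleable in the same way), the MAC covers nonce plus ciphertext rather than OTR's real wire format, and all keys and messages are constructed.

```python
import hashlib
import hmac

def keystream(enc_key, nonce, length):
    # Stand-in for AES-CTR (assumption): HMAC-SHA256 run in counter mode.
    blocks = (length + 31) // 32
    stream = b"".join(
        hmac.new(enc_key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        for i in range(blocks))
    return stream[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def crypt(enc_key, nonce, data):
    # Encryption and decryption are the same XOR with the keystream.
    return xor(data, keystream(enc_key, nonce, len(data)))

def tag(mac_key, nonce, ciphertext):
    # Simplified framing (assumption): MAC over nonce || ciphertext.
    return hmac.new(mac_key, nonce + ciphertext, hashlib.sha1).digest()

def verify(mac_key, nonce, ciphertext, mac):
    return hmac.compare_digest(tag(mac_key, nonce, ciphertext), mac)

def forge(ciphertext, known_plain, new_plain, nonce, revealed_mac_key):
    # Needs no encryption key: XORing the plaintext difference into the
    # ciphertext changes what it decrypts to, and the published MAC key
    # lets anyone recompute a matching tag.
    if not len(ciphertext) == len(known_plain) == len(new_plain):
        raise ValueError("replacement must match the original length")
    forged = xor(ciphertext, xor(known_plain, new_plain))
    return forged, tag(revealed_mac_key, nonce, forged)

def demo():
    # Constructed keys and messages, for illustration only.
    enc_key, mac_key, nonce = b"E" * 16, b"M" * 20, b"N" * 8
    original, replacement = b"Meet me at noon.", b"Meet me at nine."
    ct = crypt(enc_key, nonce, original)
    forged_ct, forged_mac = forge(ct, original, replacement, nonce, mac_key)
    return {
        "original_valid": verify(mac_key, nonce, ct, tag(mac_key, nonce, ct)),
        "forged_valid": verify(mac_key, nonce, forged_ct, forged_mac),
        "forged_plaintext": crypt(enc_key, nonce, forged_ct),
    }

if __name__ == "__main__":
    print(demo())
```

Because the forged message verifies exactly like the genuine one, a valid MAC on a stored transcript does not show which party, if either, wrote it.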