I recently got a question on a blog post that talks a little bit about OTR usage. The question concerned initial key exchange.

[QUESTION]
... I noticed on the chat history in browser that even before the first encrypted message is sent, the accounts exchanged some random large string of text and numbers. Much like the subsequent encrypted chats. My question is: was the first exchange the key used for encryption? Because Google has that text, can they decrypt the chats?
[/QUESTION]

[MY ANSWER]
Quick answer: No and no.

Longer answer: I’m not a cryptographer, but the protocol description and the levels of trust I have for the people who designed the protocol compel me to answer “no, that first exchange was not the key used for encryption” (since OTR does not use symmetric crypto anyway, but rather Diffie/Hellman aka asymmetric aka public-key cryptography).

See http://www.cypherpunks.ca/otr/Protocol-v2-3.1.0.html for a high-level description of the steps taken for the Authenticated Key Exchange (AKE) and https://en.wikipedia.org/wiki/Off-the-Record_Messaging#Implementation for an overview of the protection you get with OTR. It’s not just public crypto – it also provides deniability (i.e. your messages are not digitally signed by you) and perfect forward secrecy (i.e. even successful cryptanalysis of one of your messages does not compromise your other messages).

OTR is pretty serious crypto, with a solid theoretical background and well-respected people implementing and improving the protocol and implementations.
[/MY ANSWER]

Can someone who really knows how AKE works please verify that the answer is not inaccurate/misleading?

Context: https://apapadop.wordpress.com/2012/04/15/stop-google-recording-your-chats/#comments

Thanks
Alex

_______________________________________________
OTR-users mailing list
OTR-users@lists.cypherpunks.ca
http://lists.cypherpunks.ca/mailman/listinfo/otr-users
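
An added illustration, not part of the original message and not OTR's own code: a simplified, unauthenticated Diffie-Hellman exchange in the group the linked OTR v2 spec names, showing that a relaying chat server logs only public values and that each session yields an independent secret. It omits OTR's commitment, signature and key-derivation steps; the function names and the SHA-256 stand-in for key derivation are assumptions.

```python
import hashlib
import secrets

# 1536-bit MODP prime from RFC 3526 (group 5) with generator 2, the group
# the OTR v2 spec names for its Diffie-Hellman exchange.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
    "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
    "670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF",
    16,
)
G = 2


def keypair():
    """Fresh ephemeral private exponent (320 bits) and its public value."""
    x = secrets.randbits(320) | (1 << 319)
    return x, pow(G, x, P)


def shared_secret(own_private, peer_public):
    """Reject degenerate public values, then hash the DH result.

    SHA-256 here is a stand-in (assumption), not OTR's key derivation.
    """
    if not 2 <= peer_public <= P - 2:
        raise ValueError("peer public value out of range")
    s = pow(peer_public, own_private, P)
    return hashlib.sha256(s.to_bytes(192, "big")).digest()


def run_session():
    """One exchange: returns what the relay saw and each endpoint's secret."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    relay_transcript = [a_pub, b_pub]  # everything the chat server can log
    return (relay_transcript,
            shared_secret(a_priv, b_pub),
            shared_secret(b_priv, a_pub))
```

Because this sketch is unauthenticated, it only models a server that passively logs traffic; the AKE's signature step is what addresses a server that actively substitutes values.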