[guardian-dev] Gibberbot: add strong encryption level

Eugen Leitl eugen at leitl.org
Wed Oct 9 03:02:20 PDT 2013


----- Forwarded message from Nathan of Guardian <nathan at guardianproject.info> -----

Date: Wed, 09 Oct 2013 05:53:49 -0400
From: Nathan of Guardian <nathan at guardianproject.info>
To: Satz Klauer <satzklauer at googlemail.com>
Cc: Guardian Project mailing lists <guardian-dev at lists.mayfirst.org>
Subject: Re: [guardian-dev] Gibberbot: add strong encryption level
Message-ID: <525527AD.9060905 at guardianproject.info>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130804 Thunderbird/17.0.8

On 10/09/2013 01:28 AM, Satz Klauer wrote:
> Sorry, I don't agree with you. Servers are "secured" by self-signed
> certificates mainly. If not the whole certificate thingy itself is not
> secure (as we have seen last years where certificate authorities have
> been hacked and crackers have created their own, fully valid but wrong
> certificates).

Gibberbot v12 (aka "ChatSecure") does not use any Certificate Authority
root trust anymore. We either use certificate pinning for known services
like Google, Dukgo, Facebook, etc, or we present a dialog with the
certificate information for manual verification.

That said, as others have pointed out, the *entire* point of OTR is that
you are not trusting the transport encryption or chat server with your
message encryption. Even if the server is 100% compromised, you have a
means to know that your session is being MITM'd as well, if you perform
the verify step.

More on that below...

> So key exchange is done via an insecure channel, a person does not
> know who gets the key or if there is a man in the middle. So this
> mechanism provides some elusory security.

OTR provides two mechanisms for verification of a key, and we have
worked to make it very easy in Gibberbot/CS to perform this operation,
through a few actions.

Once you start an OTR session up, you are prompted to "Tap to verify".
This brings up the profile dialog box with three options:

1) Manually verify fingerprint of the person you are chatting with by
visually comparing your fingerprints (over the phone, etc)

2) Scan the fingerprint of the person using a QR code / barcode scanner,
if you are standing near them

3) Use a Question+Answer or Shared Secret method to authenticate session
(based on the OTR "Socialist Millionaire" protocol) from inside the OTR
chat itself

Once you've done this, you can trust that your session is private and
not being intercepted.

Otherwise, your concept about generating static keys outside of the
session, and pre-sharing and verifying them directly with your contact
is great... it's called OpenPGP! Many people have been asking to add
some form of PGP support into Gibberbot/CS, and we are considering it.

+n







----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5
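
The shared-secret check in option 3 of the forwarded message, as an added example (not code from Gibberbot/ChatSecure or from the author of the post): the core arithmetic of the Socialist Millionaire comparison, with both parties run inside one function. It omits the zero-knowledge proofs that OTR attaches to each message, and the names `secret` and `smp_equal` and the simplified secret derivation are assumptions made for illustration.

```python
import hashlib
import secrets

# 1536-bit MODP prime (RFC 3526 group 5) with generator 2, the group OTR's SMP uses.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2  # prime order of the subgroup generated by G
G = 2


def secret(fp_initiator, fp_responder, answer):
    """Bind the typed answer to the key fingerprints this side sees.

    Simplified assumption: OTR also hashes a version byte and the session id.
    """
    h = hashlib.sha256(b"|".join([fp_initiator, fp_responder, answer.encode()]))
    return int.from_bytes(h.digest(), "big") % Q


def rand_exp():
    return secrets.randbelow(Q - 1) + 1  # uniform in [1, Q-1]


def smp_equal(x, y):
    """Alice holds x, Bob holds y; both learn only whether x == y."""
    a2, a3, r = rand_exp(), rand_exp(), rand_exp()  # Alice's ephemeral exponents
    b2, b3, s = rand_exp(), rand_exp(), rand_exp()  # Bob's ephemeral exponents
    # Two Diffie-Hellman exchanges give both sides the shared generators g2, g3.
    g2 = pow(pow(G, b2, P), a2, P)
    g3 = pow(pow(G, b3, P), a3, P)
    # Each side sends a blinded commitment to its secret.
    pa, qa = pow(g3, r, P), pow(G, r, P) * pow(g2, x, P) % P
    pb, qb = pow(g3, s, P), pow(G, s, P) * pow(g2, y, P) % P
    q_ratio = qa * pow(qb, -1, P) % P  # g^(r-s) * g2^(x-y)
    p_ratio = pa * pow(pb, -1, P) % P  # g3^(r-s)
    ra = pow(q_ratio, a3, P)           # sent Alice -> Bob
    rb = pow(q_ratio, b3, P)           # sent Bob -> Alice
    # Each side raises the other's value to its own exponent and compares;
    # the g2^(x-y) term cancels only when the secrets are equal.
    return pow(rb, a3, P) == p_ratio and pow(ra, b3, P) == p_ratio
```

Because each side folds the fingerprints it observes into its secret, an interposed key makes the comparison fail even when both people type the same answer.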


