thanks, so a MAC key is currently not implemented? http://en.wikipedia.org/wiki/Message_authentication_code
2014-03-03 20:09 GMT+01:00 Chris Ballinger <[email protected]>: > OTR is end-to-end but requires users to verify their contact's > fingerprints to prevent active MITM attacks > > > On Mon, Mar 3, 2014 at 5:19 AM, Randolph <[email protected]> wrote: > >> Hello >> one simple question about OTR, when I use OTR, then encryption is done >> between user and user or client and server? >> >> So is the way: UserclientA->Server1->Server2->userclientB is secured end >> to end? >> >> OTR means D/H Exchange, what about the possible human beeing in the midde >> attack, that server 2 is sending back a faked key and pretends to be >> userclientB ? >> >> Plans OTR to implement an end to end key, that is sent over an otr >> connections, so that asymmetric encryption can be switched to symmetric >> encryption? >> >> That way even clients could participate, which have not otr implemented >> (by giving the end to end key over seperate channel, not otr) >> >> Regards >> >> _______________________________________________ >> OTR-dev mailing list >> [email protected] >> http://lists.cypherpunks.ca/mailman/listinfo/otr-dev >> >> >
_______________________________________________ OTR-dev mailing list [email protected] http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
