#18973: Possible authentication bug
----------------------------------------+---------------------
 Reporter:  arlolra                     |          Owner:
     Type:  defect                      |         Status:  new
 Priority:  Very High                   |      Milestone:
Component:  Applications/Tor Messenger  |        Version:
 Severity:  Critical                    |     Resolution:
 Keywords:                              |  Actual Points:
Parent ID:                              |         Points:
 Reviewer:                              |        Sponsor:
----------------------------------------+---------------------
Comment (by arlolra):

 Pasting the contents of the last email exchanged with OP for posterity. No
 response as of yet but, at this point, the details are probably lost in
 time.

 {{{
 Let me try to describe what we think we know so far. Thanks again for
 bearing with me.

 1) You have had multiple conversations with that contact in the past. I
 assume you mean with Tor Messenger, and therefore they were OTR sessions,
 and that in those previous sessions you did not verify their fingerprint,
 and they were with the accounts in question. See 3) though.

 2) At the time, you were having two other conversations. I assume they
 were with your same XMPP account and that, since it was using Tor
 Messenger, they were also OTR sessions, and that you've since checked that
 neither of those contacts is in possession of a key with the fingerprint
 in question.

 3) You started an OTR session with the contact. The contact is using a new
 account (and therefore had a new key). Maybe you meant in 1) the contact
 themself was not new to you, but that this was the first time you were
 chatting with this account / key, and therefore decided to authenticate
 it. Please clarify this situation.

 4) You exchanged several messages inside this OTR session.

 5) Then, you opened the manual fingerprint verification pane, and in an
 out-of-band channel, compared fingerprints. You communicated your
 fingerprint to your contact and it matched. They communicated their
 fingerprint to you, and it did not match.

 The first thing to note is that if 5) is true and there was a
 man-in-the-middle, then it also implies your private key has been
 compromised. There's no way for the MITM to impersonate you. If they
 really are in the middle, they need to establish sessions with each of
 you, so you would both see an unknown key. (Assuming the OTR protocol
 isn't broken in some unknown way, and that it is implemented correctly
 ... which, since both clients are using libotr, confidence is high).

 So, I don't think this was a MITM at the OTR layer. And the TLS layer is
 irrelevant.

 There are at least two possibilities I can think of next.

 One, your contact did actually present this other key the first time
 around. This is supported by the fact that your "known fingerprints" has
 recorded it. However, since you must have double checked when
 fingerprints didn't match, and since they claim to not have restarted
 their application, it's unlikely. It would be nice if you could get your
 contact to compute all the fingerprints for the keys in their
 ~/.purple/otr.private_keys file. Any chance they had another
 simultaneously connected client?

 Two, some sort of similar situation like in #17833, where Tor Messenger
 was presenting to you the fingerprint of a merged contact. This seems
 like the likelier of the two.
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18973#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
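The fingerprint computation the comment asks the contact to perform on their ~/.purple/otr.private_keys file, as an added example that is not part of the ticket and not code from Tor Messenger or libotr: it parses the S-expression layout libotr writes, derives the OTR fingerprint (SHA-1 over the MPI-encoded DSA public values p, q, g, y, skipping the 2-byte key-type prefix), and compares it with the string a verification pane shows. The key file content below is constructed with toy numbers, not a valid DSA key.

```python
import hashlib
import re

# Constructed sample in the layout libotr uses for otr.private_keys.
# The hex values are toy placeholders, not a real DSA key.
SAMPLE_OTR_PRIVATE_KEYS = """(privkeys
 (account
  (name "alice@example.org")
  (protocol prpl-jabber)
  (private-key
   (dsa
    (p #00C0FFEE#)
    (q #0BAD#)
    (g #02#)
    (y #7A11#)
    (x #3C#)
   )
  )
 )
)
"""

def parse_private_keys(text):
    """Return [(name, protocol, {'p','q','g','y'}), ...] for each (account ...) block."""
    entries = []
    for block in re.split(r"\(account\b", text)[1:]:
        name = re.search(r'\(name "([^"]*)"\)', block).group(1)
        protocol = re.search(r"\(protocol ([^)\s]+)\)", block).group(1)
        # Only the public DSA components matter for the fingerprint; x (the
        # private exponent) is deliberately not collected here.
        pub = {k: int(re.search(r"\(%s #([0-9A-Fa-f]+)#\)" % k, block).group(1), 16)
               for k in ("p", "q", "g", "y")}
        entries.append((name, protocol, pub))
    return entries

def mpi(n):
    """OTR MPI encoding: 4-byte big-endian length, then minimal big-endian magnitude."""
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    return len(body).to_bytes(4, "big") + body

def otr_fingerprint(pub):
    """Human-readable OTR fingerprint: SHA-1 over MPI(p)||MPI(q)||MPI(g)||MPI(y),
    rendered as 40 uppercase hex digits in five groups of eight."""
    digest = hashlib.sha1(mpi(pub["p"]) + mpi(pub["q"]) + mpi(pub["g"]) + mpi(pub["y"]))
    hexstr = digest.hexdigest().upper()
    return " ".join(hexstr[i:i + 8] for i in range(0, 40, 8))

def fingerprints_match(shown, computed):
    """Compare a fingerprint copied from a client's verification pane with a
    computed one, ignoring spacing and letter case."""
    norm = lambda s: re.sub(r"\s+", "", s).upper()
    return norm(shown) == norm(computed)
```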