[guardian-dev] gibberbot, OTR, xmpp, android in general
Natanael
natanael.l at gmail.com
Mon Dec 2 14:00:09 EST 2013
OTR is by definition forward secure (off the record messaging), it
always uses "ephemeral" session keys (what the E in DHE comes from),
and if you verify the OTR public key of who you are talking to then
the OTR encryption will be secure. If the SSL session is attacked, the
attacker can at best end the connection to your chat server or try to
send malformed packages hoping that your client will crash or get
DDoSed, and they can also send non-OTR Jabber messages. They could
potentially attempt to hijack your Jabber account as well (sending
messages to other people from it), but they still can't initiate
verified OTR chats with anybody who knows your OTR public key.
On Mon, Dec 2, 2013 at 7:46 PM, shmick at riseup.net <shmick at riseup.net> wrote:
> hello all,
>
> i have a lot of things floating around that I'm really unable to answer
> critically without the required level of knowledge
>
> essentially, i make use of your fantastic gibberbot 0.0.11-RC5 (i
> currently can't update to chat secure due to phone storage) and chat
> connected to jabber.ccc.de [1] as an example
>
> packet traces show that gibberbot presents 35 cipher suites to offer and
> eventually my session is secured with TLS_RSA_WITH_RC4_128_MD5; an SSLv3
> suite
>
> what i can say is that if my browser was using this suite over 'https'
> it would generally be accepted as insecure but i just don't know enough
> about jabber/xmpp et al to say when using 'OTR' whether it would be safe
>
> does OTR always use forward secrecy and is this suite safe even though
> it's RC4 with MD5? i can only surmise that since the negotiated suite
> is not an ECDHE, DHE or EDH one then how would forward secrecy occur?
>
> why does gibberbot even need to offer RC4_40, DES40 and empty negotiation ?
>
> i read [2] once that android and the underlying java sub system overrides
> all the cipher suites 'iff' the client is not coded/created in a way
> that presents its own preferences
>
> so i assume gibberbot does not override the android and java default
> insecure protocols or are there improvements in chatsecure ?
>
> how could this have even been approved into android (out comes the tin
> foil hat; not taking it off just yet)
>
> [1] http://xmpp.net/result.php?domain=jabber.ccc.de&type=client
> [2] http://op-co.de/blog/posts/android_ssl_downgrade/
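Added example, not Gibberbot/ChatSecure code: the kind of explicit cipher-suite preference a Java/Android XMPP client can present on its SSLSocket so the platform defaults discussed in the thread (RC4/MD5, 40-bit export and DES40 suites, non-ephemeral RSA key exchange) are never offered. The class name and suite-name filters are assumptions; the socket API calls are standard javax.net.ssl.

```java
import javax.net.ssl.SSLSocket;
import java.util.ArrayList;
import java.util.List;

// Hypothetical helper: applies a client-side cipher-suite policy before the handshake.
public class CipherSuitePolicy {

    // Reject suites carrying the weaknesses named in the thread: RC4, MD5 MAC,
    // export-grade (40-bit / DES40), NULL encryption and anonymous key exchange.
    static boolean isWeak(String suite) {
        return suite.contains("_RC4_") || suite.endsWith("_MD5")
            || suite.contains("_EXPORT") || suite.contains("DES40")
            || suite.contains("_NULL_") || suite.contains("_anon_");
    }

    // Forward secrecy at the TLS layer needs an ephemeral key exchange (ECDHE/DHE).
    // Older Java runtimes name DHE suites with an "SSL_" prefix, so accept both.
    static boolean isForwardSecret(String suite) {
        return suite.startsWith("TLS_ECDHE_") || suite.startsWith("TLS_DHE_")
            || suite.startsWith("SSL_DHE_");
    }

    // Keep only strong, forward-secret suites, preserving the platform's order.
    static String[] filter(String[] supported) {
        List<String> keep = new ArrayList<>();
        for (String s : supported) {
            if (isForwardSecret(s) && !isWeak(s)) {
                keep.add(s);
            }
        }
        return keep.toArray(new String[0]);
    }

    // Call on a freshly created socket, before any read/write triggers the handshake.
    // Failing closed is deliberate: better no connection than an RC4/MD5 one.
    static void harden(SSLSocket socket) {
        String[] chosen = filter(socket.getSupportedCipherSuites());
        if (chosen.length == 0) {
            throw new IllegalStateException("no forward-secret cipher suites available");
        }
        socket.setEnabledCipherSuites(chosen);
    }
}
```

A packet trace taken after this change should show only the filtered list in the ClientHello, which is the check the original poster used to spot the RC4/MD5 negotiation.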