[guardian-dev] Gibberbot: add strong encryption level

Nathan of Guardian nathan at guardianproject.info
Wed Oct 9 05:53:49 EDT 2013


On 10/09/2013 01:28 AM, Satz Klauer wrote:
> Sorry, I don't agree with you. Servers are "secured" by self-signed
> certificates mainly. If not the whole certificate thingy itself is not
> secure (as we have seen last years where certificate authorities have
> been hacked and crackers have created their own, fully valid but wrong
> certificates).

Gibberbot v12 (aka "ChatSecure") does not use any Certificate Authority
root trust anymore. We either use certificate pinning for known services
like Google, Dukgo, Facebook, etc, or we present a dialog with the
certificate information for manual verification.

That said, as others have pointed out, the *entire* point of OTR is that
you are not trusting the transport encryption or chat server with your
message encryption. Even if the server is 100% compromised, you have a
means to know that your session is being MITM'd as well, if you perform
the verify step.

More on that below...

> So key exchange is done via an insecure channel, a person does not
> know who gets the key or if there is a man in the middle. So this
> mechanism provides some elusory security.

OTR provides two mechanisms for verification of a key, and we have
worked to make it very easy in Gibberbot/CS to perform this operation,
through a few actions.

Once you start an OTR session up, you are prompted to "Tap to verify".
This brings up the profile dialog box with three options:

1) Manually verify fingerprint of the person you are chatting with by
visually comparing your fingerprints (over the phone, etc)

2) Scan the fingerprint of the person using a QR code / barcode scanner,
if you are standing near them

3) Use a Question+Answer or Shared Secret method to authenticate session
(based on the OTR "Socialist Millionaire" protocol) from inside the OTR
chat itself

Once you've done this, you can trust that your session is private and
not being intercepted.

Otherwise, your concept about generating static keys outside of the
session, and pre-sharing and verifying them directly with your contact
is great... it's called OpenPGP! Many people have been asking to add
some form of PGP support into Gibberbot/CS, and we are considering it.

+n
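
Added example, not part of the original message and not Gibberbot/ChatSecure code: a sketch of the check behind options 1 and 2 above, comparing the fingerprint of the key used in the session against a value received out of band, and flagging a later key change for a verified contact. The names (`TrustStore`, `confirm`, `status`) are hypothetical, the key bytes are constructed stand-ins for serialized public keys, and the QR payload is assumed to be the fingerprint's hex text.

```python
import hashlib
import hmac
import re
def fingerprint(pubkey: bytes) -> str:
    """OTR-style fingerprint: SHA-1 of the serialized public key, as hex."""
    return hashlib.sha1(pubkey).hexdigest()

def display(fp: str) -> str:
    """Five groups of eight hex digits, the form two people compare."""
    return " ".join(fp[i:i + 8] for i in range(0, 40, 8)).upper()

def normalize(text: str) -> str:
    """Accept typed or scanned text; reject anything but 40 hex digits."""
    fp = re.sub(r"[\s:]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{40}", fp):
        raise ValueError("not a 40-hex-digit fingerprint")
    return fp

class TrustStore:
    def __init__(self):
        self.verified = {}  # contact -> fingerprint confirmed out of band

    def confirm(self, contact: str, session_key: bytes, claimed: str) -> bool:
        """claimed was read over the phone or scanned from a QR code."""
        fp = fingerprint(session_key)
        ok = hmac.compare_digest(fp, normalize(claimed))
        if ok:
            self.verified[contact] = fp
        return ok

    def status(self, contact: str, session_key: bytes) -> str:
        known = self.verified.get(contact)
        if known is None:
            return "unverified"
        # A different key for an already verified contact needs re-verification.
        same = hmac.compare_digest(known, fingerprint(session_key))
        return "verified" if same else "key-changed"

# Constructed stand-ins for serialized public keys (not real OTR keys).
ALICE_KEY = b"constructed-alice-public-key"
MALLORY_KEY = b"constructed-mallory-public-key"

def demo():
    store = TrustStore()
    spoken = display(fingerprint(ALICE_KEY))  # what Alice reads out
    before = store.status("alice", ALICE_KEY)
    rejected = store.confirm("alice", MALLORY_KEY, spoken)  # session key is not hers
    accepted = store.confirm("alice", ALICE_KEY, spoken)
    return before, rejected, accepted, store.status("alice", MALLORY_KEY)
```

The comparison only means something when the claimed value travels over a channel other than the chat session being verified.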







