
As I'm currently playing around with cryptography, especially OTR, I'm wondering about its security against active MitM attacks.

Let's say Alice and Bob created an OTR session, but Eve is acting as a MitM, changing messages so that she can decrypt Bob's messages to Alice, read them (maybe even change something), encrypt them again and send them to Alice (and vice versa).

In this case, Bob and Alice would not have each other's public key, but Eve's instead. Is this right?

So the Socialist Millionaire Protocol is used to verify that A. and B. are talking to each other, without a MitM interfering.

How does this work? I understand the case in which they ask each other a question, but is there a way of doing this, or of ensuring that no MitM is interfering, without extra user input or fingerprint checking?

Jens Erat
marius_linux
  • You are asking the same question as [this one](http://security.stackexchange.com/questions/40915/how-is-otr-messaging-with-socialist-millionaire-protocol-smp-protected-from-ma); besides, I find the [OTR specification](https://otr.cypherpunks.ca/Protocol-v3-4.0.0.html) detailed and very clear. –  Jul 18 '15 at 11:51
  • You're right, I already read the question to this answer, but was still unsure whether a more or less pre-shared secret is needed or not. But reading the second answer, this became clear now, and this question is solved. Thanks :-) – marius_linux Jul 18 '15 at 13:18

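Added example, not part of the original question or its comments: a simplified Python sketch of the SMP comparison from the OTR v3 specification linked above, with the zero-knowledge proofs that the specification attaches to each message left out. It shows why a relaying MitM makes the comparison fail even when both users type the same answer: the compared value also covers both fingerprints and the session id. The fingerprints, session ids and answer are constructed sample values, and the function names are this example's own.

```python
import hashlib
import secrets

# 1536-bit MODP prime (RFC 3526 group 5), the group OTR uses, with generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
    "83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF", 16)
Q, G1 = (P - 1) // 2, 2  # Q is the order of the subgroup generated by G1

def smp_secret(init_fp, resp_fp, ssid, answer):
    # OTRv3 SMP input: SHA256(0x01 || initiator fp || responder fp || session id || user secret)
    digest = hashlib.sha256(b"\x01" + init_fp + resp_fp + ssid + answer).digest()
    return int.from_bytes(digest, "big")

def smp_compare(x, y):
    """Run both sides of SMP on Alice's x and Bob's y; return (alice_accepts, bob_accepts)."""
    a2, a3, b2, b3, r, s = (secrets.randbelow(Q - 1) + 1 for _ in range(6))
    g2a, g3a = pow(G1, a2, P), pow(G1, a3, P)                  # message 1, Alice -> Bob
    g2, g3 = pow(g2a, b2, P), pow(g3a, b3, P)                  # Alice derives the same pair from G1^b2, G1^b3
    pb, qb = pow(g3, r, P), pow(G1, r, P) * pow(g2, y, P) % P  # message 2, Bob -> Alice
    pa, qa = pow(g3, s, P), pow(G1, s, P) * pow(g2, x, P) % P  # message 3, Alice -> Bob
    q_ratio = qa * pow(qb, -1, P) % P                          # Qa / Qb
    p_ratio = pa * pow(pb, -1, P) % P                          # Pa / Pb
    ra, rb = pow(q_ratio, a3, P), pow(q_ratio, b3, P)          # Ra in message 3, Rb in message 4
    # Each side raises the other's R value to its own exponent; the result equals Pa/Pb only if x == y.
    return pow(rb, a3, P) == p_ratio, pow(ra, b3, P) == p_ratio

# Constructed sample values: 20-byte fingerprints, 8-byte session ids, a shared answer.
FP_ALICE, FP_BOB, FP_EVE = b"A" * 20, b"B" * 20, b"E" * 20
ANSWER = b"name of our first server"

def direct_session():
    # No MitM: both ends hold the same fingerprints and the same session id.
    ssid = b"\x01" * 8
    return smp_compare(smp_secret(FP_ALICE, FP_BOB, ssid, ANSWER),
                       smp_secret(FP_ALICE, FP_BOB, ssid, ANSWER))

def mitm_session():
    # Eve in the middle: each user holds Eve's fingerprint in place of the peer's,
    # and the two legs have different session ids, so the hashed inputs differ.
    return smp_compare(smp_secret(FP_ALICE, FP_EVE, b"\x02" * 8, ANSWER),
                       smp_secret(FP_EVE, FP_BOB, b"\x03" * 8, ANSWER))
```
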