Questions tagged [off-the-record]

Off-the-Record Messaging (OTR) is a protocol for encrypted instant messaging using Diffie-Hellman key exchange and AES-128 encryption.

7 questions
4 votes, 1 answer

How does OTR's authentication using "Question and answer" protect against MiTM?

I've read that the answer has something to do with Socialist Millionaire, but I still don't understand how can the user be protected against malicious Man In The Middle, which would capture the question and answer by itself if it knows the answer. Could…
d33tah
4 votes, 2 answers

How to establish a random OTR remote party as a specific individual?

In reading Glenn Greenwald's 2014 book No Place to Hide, one thing stood out to me as a bit odd. Greenwald details how Edward Snowden was insistent that Greenwald install PGP in order to communicate securely, but Snowden then later (before PGP…
user
4 votes, 1 answer

Mixing Off-The-Record and classic SSL

I am developing some pubsub system on top of Node.js and Socket.io. I decided to implement Off-The-Record (OTR) encryption by default for all of data transfers between clients and server(s). Question is do I need to additionally connect classic…
2 votes, 0 answers

End to end encryption and OTR on Gajim

In Gajim, do OTR and end-to-end encryption work together? Or is OTR turned off if I start end-to-end encryption?
dfgdfgdf
0 votes, 1 answer

Is it possible to perform one-way OTR MITM?

Here's something that is bugging me recently: suppose that me and my friend establish an OTR session and - as a result of that - DH key exchange is performed. My friend verifies my key, but I cannot verify his fingerprint. Despite that, we have a…
0 votes, 2 answers

Deniable discussions online

Consider this scenario: Alice is a typical corporate shark. She wants to get ahead in her organisation. Alice has a sensitive information security scenario, she needs expert consultation but she doesn't know any experts. Due to whatever she's…
0 votes, 2 answers

Is there any advantage on using OTR in a messaging app if the messages are first sent to a REST API server over HTTPS?

I don't have any kind of experience in security, but just on API and app development, and I'm developing an application for doctors and patients which has an added private messaging feature between doctor:patient. I also should be able to retrieve…