Chatting with OTR in BitlBee
To initiate an OTR protected chat, type:
otr connect gabriel_ice_jabber
While we are connected at this point and the chat session will be encrypted, we are left
with the problem of how we really know who we are chatting with. This question may
seem existential, but it is an important one. A common attack on a communication protocol
is a Man-In-The-Middle (MITM) attack. The canonical setup of the MITM attack involves
two parties who wish to communicate, Alice and Bob, and the malicious meddler
Mallory. Alice initiates a connection with Bob, but it is usurped by Mallory, and likewise
with the connection from Bob to Alice. Alice thinks she is talking to Bob, but really she is
talking to Mallory, who is forwarding messages to Bob and vice versa. At this point, Mallory
can direct and manipulate the conversation at will.
To defeat this, we need to authenticate the receiving party. In OTR, you could verify the
key fingerprint of your partner. This requires you to have swapped OTR fingerprints a priori,
and it might not be very convenient to carry your OTR fingerprint with you at all times.
The other mechanism is to use the Socialist Millionaire Problem to authenticate your
buddy. The Socialist Millionaire Problem is discussed in more detail in the following
subsection; for now, think of it as a question and answer game where the answer would only be
known by the person with whom you are communicating.
To initiate the protocol in BitlBee, type something like the following:
otr smpq gabriel_ice_jabber "What beer did I order last night, one word, lowercase?" ipa
Presumably, you and Gabriel Ice were out at dinner last night and he would know the type
of beer you ordered. When phrasing the question, it's good to include instructions on how to
type the answer. Otherwise, the answer may be typed differently, resulting in an incorrect
response and probably confusing your partner, who, despite the drinks, distinctly remembers
you drinking an IPA. If your partner responds correctly, you should see:
<root> smp: initiating with gabriel_ice_jabber_...
<root> smp gabriel_ice_jabber_: secrets proved equal, fingerprint trusted
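An added example, not from the original text or from BitlBee's code: in the OTR version 3 protocol, the secret each side feeds into the Socialist Millionaire exchange is a hash of both parties' fingerprints, the session id and the typed answer. That is why the answer must match character for character, and why Mallory cannot pass the check by relaying messages. The fingerprints and session ids below are constructed, and a direct comparison stands in for the exchange itself.

```python
import hashlib
import hmac

def fingerprint(label: str) -> bytes:
    """Constructed 20-byte stand-in for an OTR public-key fingerprint."""
    return hashlib.sha1(label.encode()).digest()

def smp_secret(initiator_fp: bytes, responder_fp: bytes, ssid: bytes, answer: str) -> bytes:
    """SHA-256(0x01 || initiator fp || responder fp || secure session id || answer)."""
    return hashlib.sha256(
        b"\x01" + initiator_fp + responder_fp + ssid + answer.encode("utf-8")
    ).digest()

def smp_equal(a: bytes, b: bytes) -> bool:
    """Stand-in for the SMP exchange, which reveals only whether the secrets match."""
    return hmac.compare_digest(a, b)

# Constructed identities and 8-byte session ids (assumptions for this example).
ALICE, BOB, MALLORY = (fingerprint(n) for n in ("alice", "bob", "mallory"))
SSID_DIRECT = bytes.fromhex("0102030405060708")
SSID_ALICE_MALLORY = bytes.fromhex("1112131415161718")
SSID_MALLORY_BOB = bytes.fromhex("2122232425262728")

def direct_session(alice_answer: str, bob_answer: str) -> bool:
    """Alice and Bob share one OTR session, so both see the same keys and ssid."""
    return smp_equal(
        smp_secret(ALICE, BOB, SSID_DIRECT, alice_answer),
        smp_secret(ALICE, BOB, SSID_DIRECT, bob_answer),
    )

def relayed_session(alice_answer: str, bob_answer: str) -> bool:
    """Mallory sits in the middle and relays the SMP messages unchanged.
    Each side's session is really with Mallory's key, so the hashed inputs differ."""
    return smp_equal(
        smp_secret(ALICE, MALLORY, SSID_ALICE_MALLORY, alice_answer),
        smp_secret(MALLORY, BOB, SSID_MALLORY_BOB, bob_answer),
    )

if __name__ == "__main__":
    print("direct, ipa / ipa :", direct_session("ipa", "ipa"))
    print("direct, ipa / IPA :", direct_session("ipa", "IPA"))
    print("relayed, ipa / ipa:", relayed_session("ipa", "ipa"))
```

The second case shows why the question should spell out the expected format: nothing normalizes case or spacing before the answer is hashed.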