Comments (8)
@natalieesk I think we should be defining them. OTRv3 specifies SHA256-HMAC keys, 128 bit AES encryption keys, and SHA-1 for the MAC keys.
from otrv4.
Updated
Todos:
- Remove unnecessary description of the Double Ratchet Algorithm since this is a well known standard described here
- Decide if the transition from the DAKE to the double ratchet in Nik's paper (p.116) is the best way to transition
- Describe what errors can happen and what to implement in response to those errors
- Describe what keys should be revealed from the Double Ratchet Algorithm to achieve deniability
Details: decide what variations of the double ratchet should be included in the protocol:
- Including in the spec whether header encryption can be omitted for situations where the underlying transport already reveals metadata
- Whether we should include a time limit for updating the chain keys
from otrv4.
As discussed in stand up this morning, the final paper does not specify which KDFs to use. I am investigating different KDFs and which ones different double ratchet implementations use.
This is my current understanding:
There are two kinds of KDF: ones that take keys as arguments, and others that take passwords (known sometimes as PBKDFs, so when you hash a password, that uses a KDF). The difference is in the entropy level, which decides what kind you need. We would need to use one that takes keys as arguments both times.
We use different KDFs for:
- deriving the root key and chain key from the shared secret
- deriving the MAC and encryption keys from the chain key
TextSecure uses HKDF (HMAC-based Key Derivation Function) for both.
I’ve found a range of other KDFs that I’m looking into now.
from otrv4.
I'm also wondering whether we should define the KDF in the protocol or whether implementers should choose themselves?
from otrv4.
I've pushed the draft of the Data Exchange section here: 651d099
Review Checklist
- Does it read clearly?
- Should we use a different word than "storage" and "storedDHR" to denote how a newly received DH Ratchet key is used to decrypt messages and then to send the next ratchet messages?
- Should we be more clear about when keys can be deleted? i.e. Delete the current root key when you create the next root key.
from otrv4.
I've added questions to the commit. I think we should also define `generateECDH()`.
from otrv4.
- How to reveal MAC keys in the context of double ratchet?
from otrv4.