otrv4 / libotr-ng

A new implementation of OTR with support for version 4. This is a mirror of https://bugs.otr.im/otrv4/libotr-ng

Check the smp and auth generation of scalars #180

Open claucece opened 5 years ago

claucece commented 5 years ago

They should all be hashed and pruned.

claucece commented 5 years ago

Ok, this needs an email to be sent to Mike. Basically, my concern is:

  HashToScalar(0x05 || G3 * r5 || G * r5 + G2 * r6)

should that scalar be hashed as well? It does not come from randomness, but from fixed values.

olabini commented 5 years ago

I thought Ian in our call was pretty clear that you can't modify the scalar output of that - or did I misunderstand?

olabini commented 5 years ago

OK, so I was mistaken. @claucece said in offline conversations that this is different. It's blocked waiting on input from Mike.

claucece commented 5 years ago

Yeah @olabini. Also Gustavo is looking into this :)

olabini commented 5 years ago

Great!