[tor-bugs] #18973 [Applications/Tor Messenger]: Possible authentication bug

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Sep 7 15:41:28 UTC 2016


#18973: Possible authentication bug
----------------------------------------+---------------------
 Reporter:  arlolra                     |          Owner:
     Type:  defect                      |         Status:  new
 Priority:  Very High                   |      Milestone:
Component:  Applications/Tor Messenger  |        Version:
 Severity:  Critical                    |     Resolution:
 Keywords:                              |  Actual Points:
Parent ID:                              |         Points:
 Reviewer:                              |        Sponsor:
----------------------------------------+---------------------

Comment (by arlolra):

 Pasting the contents of the last email exchanged with OP for posterity.
 No response as of yet but, at this point, the details are probably lost in
 time.

 {{{
 Let me try to describe what we think we know so far.
 Thanks again for bearing with me.


 1) You have had multiple conversations with that contact
 in the past.  I assume you mean with Tor Messenger, and
 therefore they were OTR sessions, and that in those
 previous sessions you did not verify their fingerprint,
 and they were with the accounts in question. See 3) though.

 2) At the time, you were having two other conversations.
 I assume they were with your same XMPP account and that,
 since it was using Tor Messenger, they were also OTR
 sessions, and that you've since checked that neither
 of those contacts is in possession of a key with the
 fingerprint in question.

 3) You started an OTR session with the contact.  The
 contact is using a new account (and therefore had a
 new key).  Maybe you meant in 1) the contact themself
 was not new to you, but that this was the first time
 you were chatting with this account / key, and therefore
 decided to authenticate it.  Please clarify this situation.

 4) You exchanged several messages inside this OTR session.

 5) Then, you opened the manual fingerprint verification pane, and in
 an out-of-band channel, compared fingerprints.  You communicated
 your fingerprint to your contact and it matched.  They communicated
 their fingerprint to you, and it did not match.


 The first thing to note is that if 5) is true and there
 was a man-in-the-middle, then it also implies your private
 key has been compromised.  There's no way for the MITM to
 impersonate you.  If they really are in the middle, they
 need to establish sessions with each of you, so you
 would both see an unknown key.

 (Assuming the OTR protocol isn't broken in some
 unknown way, and that it is implemented correctly ...
 which, since both clients are using libotr, confidence
 is high).

 So, I don't think this was a MITM at the OTR layer.
 And the TLS layer is irrelevant.

 There are at least two possibilities I can think of next.

 One, your contact did actually present this other
 key the first time around.  This is supported by the fact
 that your "known fingerprints" has recorded it.  However,
 since you must have double checked when fingerprints didn't
 match, and since they claim to not have restarted their
 application, it's unlikely.  It would be nice if you
 could get your contact to compute all the fingerprints
 for the keys in their ~/.purple/otr.private_keys file.
 Any chance they had another simultaneously connected client?

 Two, some sort of similar situation like in #17833, where
 Tor Messenger was presenting to you the fingerprint of
 a merged contact.  This seems like the likelier of the two.
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18973#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
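The email above asks the contact to compute the fingerprints of every key in their ~/.purple/otr.private_keys file, which is the quickest way to tell the "contact really presented another key" and "client displayed the wrong fingerprint" possibilities apart. The script below is an added example, not code from the ticket, Tor Messenger or libotr, that does that offline. It assumes the libgcrypt S-expression layout libotr writes for that file, and it assumes the OTR fingerprint is SHA-1 over the DSA public values p, q, g and y, each as a 4-byte-length-prefixed MPI, without the 2-byte key-type prefix that precedes them on the wire. The embedded sample file is a constructed placeholder whose numbers are far too small to be real DSA parameters; it only exercises the parser and the byte layout. Run it on a real file and compare the output with what the client itself shows under "known fingerprints" before relying on it.

```python
"""Compute OTR key fingerprints from a libotr/Pidgin otr.private_keys file.

Added example; not the ticket's, Tor Messenger's or libotr's own code.
Assumptions (verify against the fingerprint the client displays):
  * the file is the libgcrypt S-expression layout libotr writes:
      (privkeys (account (name "...") (protocol ...)
                         (private-key (dsa (p #..#) (q #..#) (g #..#) (y #..#) (x #..#)))))
  * the fingerprint is SHA-1 over p, q, g, y as OTR MPIs
    (4-byte big-endian length + minimal unsigned big-endian magnitude),
    with the 2-byte key-type prefix NOT included in the hashed bytes.
"""
import hashlib
import re

# Tokens: parens, #hex# atoms, "quoted" atoms, bare atoms.
TOKEN_RE = re.compile(r'\(|\)|#([0-9A-Fa-f\s]*)#|"([^"]*)"|([^\s()]+)')


def parse_sexp(text):
    """Parse a libgcrypt-style S-expression into nested lists.
    #hex# atoms become bytes; quoted and bare atoms become str."""
    stack = [[]]
    for m in TOKEN_RE.finditer(text):
        tok = m.group(0)
        if tok == '(':
            stack.append([])
        elif tok == ')':
            done = stack.pop()
            stack[-1].append(done)
        elif m.group(1) is not None:
            stack[-1].append(bytes.fromhex(re.sub(r'\s', '', m.group(1))))
        elif m.group(2) is not None:
            stack[-1].append(m.group(2))
        else:
            stack[-1].append(m.group(3))
    if len(stack) != 1:
        raise ValueError('unbalanced parentheses in private key file')
    return stack[0]


def find(node, tag):
    """Depth-first search for the first sub-list whose head is `tag`."""
    if isinstance(node, list):
        if node and node[0] == tag:
            return node
        for child in node:
            hit = find(child, tag)
            if hit is not None:
                return hit
    return None


def encode_mpi(n):
    """OTR MPI encoding: 4-byte length, then the minimal unsigned magnitude."""
    mag = n.to_bytes((n.bit_length() + 7) // 8, 'big')
    return len(mag).to_bytes(4, 'big') + mag


def dsa_public_values(dsa_node):
    """Return (p, q, g, y) as ints from a (dsa (p #..#) ...) node; x is ignored."""
    vals = {}
    for item in dsa_node[1:]:
        if isinstance(item, list) and len(item) == 2 and item[0] in ('p', 'q', 'g', 'y'):
            vals[item[0]] = int.from_bytes(item[1], 'big')  # leading 00 sign byte drops out
    return tuple(vals[k] for k in ('p', 'q', 'g', 'y'))


def pubkey_bytes(p, q, g, y):
    """Bytes the fingerprint is taken over (assumption: MPIs only, no type prefix)."""
    return b''.join(encode_mpi(v) for v in (p, q, g, y))


def fingerprint(p, q, g, y):
    """40 upper-case hex digits in five groups of eight, libotr's human-readable form."""
    digest = hashlib.sha1(pubkey_bytes(p, q, g, y)).hexdigest().upper()
    return ' '.join(digest[i:i + 8] for i in range(0, 40, 8))


def fingerprints_from_file(text):
    """Return [(account_name, protocol, fingerprint)] for every account in the file."""
    privkeys = find(parse_sexp(text), 'privkeys')
    if privkeys is None:
        raise ValueError('no (privkeys ...) block found')
    out = []
    for acct in privkeys[1:]:
        if not (isinstance(acct, list) and acct and acct[0] == 'account'):
            continue
        name = find(acct, 'name')[1]
        protocol = find(acct, 'protocol')[1]
        p, q, g, y = dsa_public_values(find(acct, 'dsa'))
        out.append((name, protocol, fingerprint(p, q, g, y)))
    return out


# Constructed sample in libotr's layout; the numbers are placeholders, not real DSA values.
SAMPLE = '''(privkeys
 (account
  (name "alice@example.com")
  (protocol prpl-jabber)
  (private-key (dsa (p #00A5B3C7#) (q #00D1#) (g #02#) (y #00B4F3#) (x #0F#))))
 (account
  (name "alice-old@example.com")
  (protocol prpl-jabber)
  (private-key (dsa (p #00A5B3C7#) (q #00D1#) (g #02#) (y #00C9#) (x #0A#)))))
'''

if __name__ == '__main__':
    import sys
    # Usage: python otr_fingerprints.py ~/.purple/otr.private_keys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for name, proto, fp in fingerprints_from_file(text):
        print(f'{name} ({proto}): {fp}')
```

The two accounts in the sample share p, q and g but differ in y, which is the situation the email has in mind: a contact who created a new account (and so a new key) whose fingerprint the other side has never seen.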