Re: [firestr] Query about ratcheting protocol
- 2015-04-30 @ 13:55
Great question and I have been getting this one a lot.
The plan is to have a protocol based on OTR. I don't have a full OTR
protocol in place yet. I also started exploring other options like telehash.
So, what is currently implemented?
1. The handshake procedure uses permanent keys (RSA 4k) to
exchange ephemeral Diffie-Hellman public keys.
2. The Diffie-Hellman public keys are used to create a shared secret
for the connection.
3. If you disconnect from and reconnect with someone, new keys are used.
4. These ephemeral keys are not stored anywhere except RAM for the
life of the connection.
5. Different DH keys are used between different people.
So when you connect with someone, your public key is used by the other
party to encrypt messages to you during the handshake. The handshake
exchanges ephemeral keys and these are used during the connection for all
The keys used during a connection session with someone are not stored
anywhere, so this provides forward secrecy. And different keys are used for
different people. So in a multi party conversation, you would have to break
all communication channels within the clique to get all the communication
within a conversation.
Whenever you disconnect and reconnect with someone, the handshake is done
again and new keys are used.
So what isn't implemented yet?
1. Messages during the handshake are not signed! Yes, this is bad and
needs to be implemented. So Firestr is NOT SAFE against man in the middle
attacks at the moment.
2. There is no key ratcheting WITHIN a connection session. New keys
are created if you disconnect and reconnect with someone. (like close
laptop and go to another place). So Firestr needs to implement ratcheting
the ephemeral keys within a conversation.
I have been considering switching from my home grown protocol to something
like telehash. In the meantime, I am going to implement signing during
If you find any of these problems (implement signing, or key ratcheting, or
switching to telehash) interesting, please consider helping! I would love
help in these matters because I want Firestr as safe as possible.
On Thu, Apr 30, 2015 at 4:52 AM, Benjohn Barnes <firstname.lastname@example.org> wrote:
> Fire Star seems very cool. I’m looking forward to trying it more closely
> and having time to install some Apps!
> I was wondering what guarantees its ratcheting protocol provides, such as
> forward secrecy, and if it uses (or is closely based on) a well known one.