Verified Commit 41405749 authored by Sofia Celi's avatar Sofia Celi
Browse files

Correctly point to home

parent 8dcbf0dc
......@@ -35,7 +35,7 @@
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="#">OTR.im</a>
<a class="navbar-brand" href="/">OTR.im</a>
</div>
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav">
......@@ -88,7 +88,7 @@
<h2>High level overview</h2>
<h3>Requesting an OTR conversation</h3>
<p>There are two ways Alice can inform Bob that she is willing to use
the OTR protocol to speak with him: by sending him the OTR Query Message,
the OTR protocol to speak with him: by sending him the OTR Query Message,
or by including a special "tag" consisting of whitespace characters in
one of her messages to him. Each method also includes a way for Alice
to communicate to Bob which versions of the OTR protocol she is willing
......@@ -195,7 +195,7 @@
acknowledged receiving (by using it in a Data Message, or failing that,
in the AKE). Let key<sub>A</sub> by that key, and let keyid<sub>A</sub>
be its serial number.</li>
<li>If the above key is Alice's most recent key, she generates a new D-H key
<li>If the above key is Alice's most recent key, she generates a new D-H key
(next_dh), to get the serial number keyid<sub>A</sub>+1.</li>
<li>Picks the most recent of Bob's D-H encryption keys that she has
received from him (either in a Data Message or in the AKE). Let
......@@ -682,7 +682,7 @@
</dd>
</dl>
<p>SMP Message TLVs (types 2-5) all carry data sharing the same general
format:</p>
format:</p>
<dl>
<dt>MPI count (INT)</dt>
<dd>The number of MPIs contained in the remainder of the TLV.</dd>
......@@ -752,7 +752,7 @@
<p>The Socialist Millionaires' Protocol allows two parties with secret
information x and y respectively to check whether (x==y) without revealing
any additional information about the secrets. The protocol used by OTR is
based on the work of Boudot, Schoenmakers and Traore (2001). A full
based on the work of Boudot, Schoenmakers and Traore (2001). A full
justification for its use in OTR is made by Alexander and Goldberg,
in a paper published in 2007. The following is a technical account
of what is transmitted during the course of the protocol.</p>
......@@ -767,20 +767,20 @@
<dd>The fingerprint that the party initiating SMP is using in
the current conversation.</dd>
<dt>Responder fingerprint (20 BYTEs)</dt>
<dd>The fingerprint that the party that did not initiate SMP is
<dd>The fingerprint that the party that did not initiate SMP is
using in the current conversation.</dd>
<dt>Secure Session ID</dt>
<dd>The ssid described below.</dd>
<dt>User-specified secret</dt>
<dd>The input string given by the user at runtime.</dd>
</dl>
<p>Then the SHA256 hash of the above is taken, and the digest becomes the
<p>Then the SHA256 hash of the above is taken, and the digest becomes the
actual secret (x or y) to be used in SMP. The additional fields insure
that not only do both parties know the same secret input string, but no
man-in-the-middle is capable of reading their communication either.</p>
<h3>The SMP state machine</h3>
<p>Whenever the OTR message state machine has MSGSTATE_ENCRYPTED set
(see below), the SMP state machine may progress. If at any point
(see below), the SMP state machine may progress. If at any point
MSGSTATE_ENCRYPTED becomes unset, SMP must abandon its state and return
to its initial setup. The SMP state consists of one main variable, as
well as information from the partial computations at each protocol step.</p>
......@@ -870,9 +870,9 @@
<ol>
<li>Check that both g<sub>2a</sub> and g<sub>3a</sub> are &gt;= 2 and
&lt;= modulus-2.</li>
<li>Check that c2 = SHA256(1, g<sub>1</sub><sup>D2</sup>
<li>Check that c2 = SHA256(1, g<sub>1</sub><sup>D2</sup>
g<sub>2a</sub><sup>c2</sup>).</li>
<li>Check that c3 = SHA256(2, g<sub>1</sub><sup>D3</sup>
<li>Check that c3 = SHA256(2, g<sub>1</sub><sup>D3</sup>
g<sub>3a</sub><sup>c3</sup>).</li>
</ol>
Create a type 3 TLV (SMP message 2) and send it to Alice:
......@@ -899,13 +899,13 @@
<li>Compute P<sub>b</sub> = g<sub>3</sub><sup>r4</sup> and
Q<sub>b</sub> = g<sub>1</sub><sup>r4</sup> g<sub>2</sub><sup>y</sup></li>
<li>Generate a zero-knowledge proof that P<sub>b</sub> and Q<sub>b</sub>
were created according to the protocol by setting
cP = SHA256(5, g<sub>3</sub><sup>r5</sup>, g<sub>1</sub><sup>r5</sup>
were created according to the protocol by setting
cP = SHA256(5, g<sub>3</sub><sup>r5</sup>, g<sub>1</sub><sup>r5</sup>
g<sub>2</sub><sup>r6</sup>), D5 = r5 - r4 cP mod q and D6 = r6 - y cP mod q.</li>
<li>Store the values of g<sub>3a</sub>, g<sub>2</sub>, g<sub>3</sub>,
b<sub>3</sub>, P<sub>b</sub> and Q<sub>b</sub> for use later in the
protocol.</li>
<li>Send Alice a type 3 TLV (SMP message 2) containing g<sub>2b</sub>,
<li>Send Alice a type 3 TLV (SMP message 2) containing g<sub>2b</sub>,
c2, D2, g<sub>3b</sub>, c3, D3, P<sub>b</sub>, Q<sub>b</sub>, cP, D5
and D6, in that order.</li>
</ol>
......@@ -913,7 +913,7 @@
</dl>
<h4>Receiving a type 3 TLV (SMP message 2)</h4>
<p>SMP message 2 is sent by Bob to complete the DH exchange to
determine the new generators, g<sub>2</sub> and g<sub>3</sub>.
determine the new generators, g<sub>2</sub> and g<sub>3</sub>.
It also begins the construction of the values used in the final
comparison of the protocol. It contains the following mpi values:</p>
<dl>
......@@ -940,17 +940,17 @@
<dd>Set smpstate to SMPSTATE_EXPECT1 and send a type 6 TLV (SMP abort)
to Bob.</dd>
<dt>If smpstate is SMPSTATE_EXPECT2:</dt>
<dd>Verify Bob's zero-knowledge proofs for g<sub>2b</sub>,
<dd>Verify Bob's zero-knowledge proofs for g<sub>2b</sub>,
g<sub>3b</sub>, P<sub>b</sub> and Q<sub>b</sub>:
<ol>
<li>Check that g<sub>2b</sub>,
g<sub>3b</sub>, P<sub>b</sub> and Q<sub>b</sub> are &gt;= 2 and
&lt;= modulus-2.</li>
<li>Check that c2 = SHA256(3, g<sub>1</sub><sup>D2</sup>
<li>Check that c2 = SHA256(3, g<sub>1</sub><sup>D2</sup>
g<sub>2b</sub><sup>c2</sup>).</li>
<li>Check that c3 = SHA256(4, g<sub>1</sub><sup>D3</sup>
<li>Check that c3 = SHA256(4, g<sub>1</sub><sup>D3</sup>
g<sub>3b</sub><sup>c3</sup>).</li>
<li>Check that cP = SHA256(5, g<sub>3</sub><sup>D5</sup>
<li>Check that cP = SHA256(5, g<sub>3</sub><sup>D5</sup>
P<sub>b</sub><sup>cP</sup>, g<sub>1</sub><sup>D5</sup>
g<sub>2</sub><sup>D6</sup> Q<sub>b</sub><sup>cP</sup>).</li>
</ol>
......@@ -964,25 +964,25 @@
<li>Compute P<sub>a</sub> = g<sub>3</sub><sup>r4</sup> and
Q<sub>a</sub> = g<sub>1</sub><sup>r4</sup> g<sub>2</sub><sup>x</sup></li>
<li>Generate a zero-knowledge proof that P<sub>a</sub> and Q<sub>a</sub>
were created according to the protocol by setting
cP = SHA256(6, g<sub>3</sub><sup>r5</sup>, g<sub>1</sub><sup>r5</sup>
were created according to the protocol by setting
cP = SHA256(6, g<sub>3</sub><sup>r5</sup>, g<sub>1</sub><sup>r5</sup>
g<sub>2</sub><sup>r6</sup>), D5 = r5 - r4 cP mod q and D6 = r6 - x cP mod q.</li>
<li>Compute R<sub>a</sub> = (Q<sub>a</sub> / Q<sub>b</sub>)
<sup>a<sub>3</sub></sup></li>
<li>Generate a zero-knowledge proof that R<sub>a</sub> was created
according to the protocol by setting cR = SHA256(7, g<sub>1</sub><sup>r7</sup>,
(Q<sub>a</sub> / Q<sub>b</sub>)<sup>r7</sup>) and
<li>Generate a zero-knowledge proof that R<sub>a</sub> was created
according to the protocol by setting cR = SHA256(7, g<sub>1</sub><sup>r7</sup>,
(Q<sub>a</sub> / Q<sub>b</sub>)<sup>r7</sup>) and
D7 = r7 - a<sub>3</sub> cR mod q.</li>
<li>Store the values of g<sub>3b</sub>, (P<sub>a</sub> / P<sub>b</sub>),
<li>Store the values of g<sub>3b</sub>, (P<sub>a</sub> / P<sub>b</sub>),
(Q<sub>a</sub> / Q<sub>b</sub>) and R<sub>a</sub> for use later in the
protocol.</li>
<li>Send Bob a type 4 TLV (SMP message 3) containing P<sub>a</sub>,
<li>Send Bob a type 4 TLV (SMP message 3) containing P<sub>a</sub>,
Q<sub>a</sub>, cP, D5, D6, R<sub>a</sub>, cR and D7 in that order.</li>
</ol>
Set smpstate to SMPSTATE_EXPECT4.</dd>
</dl>
<h4>Receiving a type 4 TLV (SMP message 3)</h4>
<p>SMP message 3 is Alice's final message in the SMP exchange. It
<p>SMP message 3 is Alice's final message in the SMP exchange. It
has the last of the information required by Bob to determine if x = y.
It contains the following mpi values:</p>
<dl>
......@@ -1006,43 +1006,43 @@
<dd>Set smpstate to SMPSTATE_EXPECT1 and send a type 6 TLV (SMP abort)
to Bob.</dd>
<dt>If smpstate is SMPSTATE_EXPECT3:</dt>
<dd>Verify Alice's zero-knowledge proofs for P<sub>a</sub>, Q<sub>a</sub>
<dd>Verify Alice's zero-knowledge proofs for P<sub>a</sub>, Q<sub>a</sub>
and R<sub>a</sub>:
<ol>
<li>Check that P<sub>a</sub>, Q<sub>a</sub> and R<sub>a</sub> are &gt;= 2 and
&lt;= modulus-2.</li>
<li>Check that cP = SHA256(6, g<sub>3</sub><sup>D5</sup>
P<sub>a</sub><sup>cP</sup>, g<sub>1</sub><sup>D5</sup> g<sub>2</sub><sup>D6</sup>
<li>Check that cP = SHA256(6, g<sub>3</sub><sup>D5</sup>
P<sub>a</sub><sup>cP</sup>, g<sub>1</sub><sup>D5</sup> g<sub>2</sub><sup>D6</sup>
Q<sub>a</sub><sup>cP</sup>).</li>
<li>Check that cR = SHA256(7, g<sub>1</sub><sup>D7</sup>
g<sub>3a</sub><sup>cR</sup>, (Q<sub>a</sub> / Q<sub>b</sub>)<sup>D7</sup>
R<sub>a</sub><sup>cR</sup>).</li>
g<sub>3a</sub><sup>cR</sup>, (Q<sub>a</sub> / Q<sub>b</sub>)<sup>D7</sup>
R<sub>a</sub><sup>cR</sup>).</li>
</ol>
Create a type 5 TLV (SMP message 4) and send it to Alice:
<ol>
<li>Pick a random exponent r7.
This will be used to generate Bob's final zero-knowledge proof that
This will be used to generate Bob's final zero-knowledge proof that
this message was created honestly.</li>
<li>Compute R<sub>b</sub> = (Q<sub>a</sub> / Q<sub>b</sub>)
<sup>b<sub>3</sub></sup></li>
<li>Generate a zero-knowledge proof that R<sub>b</sub> was created
according to the protocol by setting cR = SHA256(8, g<sub>1</sub><sup>r7</sup>,
(Q<sub>a</sub> / Q<sub>b</sub>)<sup>r7</sup>) and
<li>Generate a zero-knowledge proof that R<sub>b</sub> was created
according to the protocol by setting cR = SHA256(8, g<sub>1</sub><sup>r7</sup>,
(Q<sub>a</sub> / Q<sub>b</sub>)<sup>r7</sup>) and
D7 = r7 - b<sub>3</sub> cR mod q.</li>
<li>Send Alice a type 5 TLV (SMP message 4) containing R<sub>b</sub>,
<li>Send Alice a type 5 TLV (SMP message 4) containing R<sub>b</sub>,
cR and D7 in that order.</li>
</ol>
Check whether the protocol was successful:
<ol>
<li>Compute R<sub>ab</sub> = R<sub>a</sub><sup>b<sub>3</sub></sup>.</li>
<li>Determine if x = y by checking the equivalent condition that
<li>Determine if x = y by checking the equivalent condition that
(P<sub>a</sub> / P<sub>b</sub>) = R<sub>ab</sub>.</li>
</ol>
Set smpstate to SMPSTATE_EXPECT1, as no more messages are expected from
Alice.</dd>
</dl>
<h4>Receiving a type 5 TLV (SMP message 4)</h4>
<p>SMP message 4 is Bob's final message in the SMP exchange. It
<p>SMP message 4 is Bob's final message in the SMP exchange. It
has the last of the information required by Alice to determine if x = y.
It contains the following mpi values:</p>
<dl>
......@@ -1065,13 +1065,13 @@
<li>Check that R<sub>b</sub> is &gt;= 2 and
&lt;= modulus-2.</li>
<li>Check that cR = SHA256(8, g<sub>1</sub><sup>D7</sup>
g<sub>3b</sub><sup>cR</sup>, (Q<sub>a</sub> / Q<sub>b</sub>)<sup>D7</sup>
R<sub>b</sub><sup>cR</sup>).</li>
g<sub>3b</sub><sup>cR</sup>, (Q<sub>a</sub> / Q<sub>b</sub>)<sup>D7</sup>
R<sub>b</sub><sup>cR</sup>).</li>
</ol>
Check whether the protocol was successful:
<ol>
<li>Compute R<sub>ab</sub> = R<sub>b</sub><sup>a<sub>3</sub></sup>.</li>
<li>Determine if x = y by checking the equivalent condition that
<li>Determine if x = y by checking the equivalent condition that
(P<sub>a</sub> / P<sub>b</sub>) = R<sub>ab</sub>.</li>
</ol>
Set smpstate to SMPSTATE_EXPECT1, as no more messages are expected from
......@@ -1085,7 +1085,7 @@
smpstate was SMPSTATE_EXPECT1. Otherwise, you may simply continue the
current SMP instance.</dd>
<dt>If smpstate is set to SMPSTATE_EXPECT1:</dt>
<dd>No current exchange is underway. In this case, Alice should
<dd>No current exchange is underway. In this case, Alice should
create a valid type 2 TLV (SMP message 1) as follows:
<ol>
<li>Determine her secret input x, which is to be compared to Bob's
......@@ -1103,9 +1103,9 @@
<li>Generate a zero-knowledge proof that the exponent a<sub>3</sub> is
known by setting c3 = SHA256(2, g<sub>1</sub><sup>r3</sup>) and
D3 = r3 - a<sub>3</sub> c3 mod q.</li>
<li>Store the values of x, a<sub>2</sub> and a<sub>3</sub>
<li>Store the values of x, a<sub>2</sub> and a<sub>3</sub>
for use later in the protocol.</li>
<li>Send Bob a type 2 TLV (SMP message 1) containing g<sub>2a</sub>,
<li>Send Bob a type 2 TLV (SMP message 1) containing g<sub>2a</sub>,
c2, D2, g<sub>3a</sub>, c3 and D3 in that order.</li>
</ol>
Set smpstate to SMPSTATE_EXPECT2.</dd>
......@@ -1314,13 +1314,13 @@
<li>Transmit (n) OTR version 3 fragmented messages with the following
(printf-like) structure (as k runs from 1 to n inclusive):
<p>"?OTR|%x|%x,%hu,%hu,%s," , sender_instance, receiver_instance,
<p>"?OTR|%x|%x,%hu,%hu,%s," , sender_instance, receiver_instance,
k , n , piece[k]</p>
OTR version 2 messages get fragmented in a similar format, but
OTR version 2 messages get fragmented in a similar format, but
without the instance tags fields:
<p>"?OTR,%hu,%hu,%s," , sender_instance, receiver_instance,
<p>"?OTR,%hu,%hu,%s," , sender_instance, receiver_instance,
k , n , piece[k]</p></li>
<li>Note that k and n are unsigned short ints (2 bytes), and each has
......@@ -1375,7 +1375,7 @@
<p>If you receive a non-OTR message, or an unfragmented message,
forget any stored fragment you may have, store "" as F and store
(0,0) as (K,N).</p>
<p>OTR version 2 fragmented messages follow the same behaviour as
described above, but do not list the sender and receiver instance
tags.</dd>
......@@ -1668,7 +1668,7 @@
Data Message.</li>
</ul>
Otherwise, ignore the message.</dd>
<dt>If authstate is AUTHSTATE_NONE, AUTHSTATE_AWAITING_DHKEY,
<dt>If authstate is AUTHSTATE_NONE, AUTHSTATE_AWAITING_DHKEY,
AUTHSTATE_AWAITING_SIG, or AUTHSTATE_V1_SETUP:</dt>
<dd>Ignore the message.</dd>
</dl>
......@@ -1685,7 +1685,7 @@
Data Message.</li>
</ul>
Otherwise, ignore the message.</dd>
<dt>If authstate is AUTHSTATE_NONE, AUTHSTATE_AWAITING_DHKEY,
<dt>If authstate is AUTHSTATE_NONE, AUTHSTATE_AWAITING_DHKEY,
or AUTHSTATE_AWAITING_REVEALSIG:</dt>
<dd>Ignore the message.</dd>
</dl>
......
......@@ -35,7 +35,7 @@
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="#">OTR.im</a>
<a class="navbar-brand" href="/">OTR.im</a>
</div>
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav">
......
......@@ -190,15 +190,18 @@ dt {
padding-bottom: 10px;
line-height: 20px;
}
.nav>li>a {
position: relative;
display: block;
padding: 10px 15px;
}
.nav>li {
position: relative;
display: block;
}
/******************************
* Structure
* **************************/
......@@ -423,7 +426,7 @@ dt {
padding: 17px 15px;
}
/************************************
* Strucutre
* Structure
************************************/
img.align-left {
float: left;
......
......@@ -22,7 +22,7 @@
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="#">OTR.im</a>
<a class="navbar-brand" href="/">OTR.im</a>
</div>
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav">
......@@ -39,7 +39,7 @@
<div class="container" id="container">
<div class="container-inner">
<div class="hero-unit faq">
<div class="ac">
......@@ -102,48 +102,48 @@ with password <strong>contribute</strong> on <a href="https://bugs.otr.im">https
<h3 class="subtitle">Older Posts</h3>
<ul class="postlist">
<li>
<span>2014-08-31 14:15:00</span>
<a href="2014-08-31-New chat paradigm.html">Chatifesto</a>
</li>
<li>
<span>2014-07-25 00:00:00</span>
<a href="2014-07-25-hopex mpotr.html">mpOTR progress report - HOPE X in New York 2014</a>
</li>
<li>
<span>2014-07-14 12:00:00</span>
<a href="2014-07-14-tails otr hackfest meeting.html">OTR meeting notes - Tails hackfest in Paris 2014</a>
</li>
<li>
<span>2014-04-27 16:00:00</span>
<a href="2014-04-27-LWN.html">Debian OTR team featured on LWN</a>
</li>
<li>
<span>2014-04-27 14:15:00</span>
<a href="2014-04-27-debian otr.html">Debian OTR team</a>
</li>
<li>
<span>2014-04-27 14:00:00</span>
<a href="2014-04-27-Let the ecosystem bloom off-the-record.html">Launch of OTR.im</a>
</li>
</ul>
</div>
</div>
<footer class="footer">
<div class="container-inner">
<p class="pull-right"><a href="#">Back to top</a></p>
<p>OTR - Free and open source software.</p>
<p>We would like to thank <a href="https://www.gandi.net/">Gandi</a> for providing us with a wildcard SSL certificate.</p>
<div class="container-inner">
<p class="pull-right"><a href="#">Back to top</a></p>
<p>OTR - Free and open source software.</p>
<p>We would like to thank <a href="https://www.gandi.net/">Gandi</a> for providing us with a wildcard SSL certificate.</p>
<p class="text-muted">Blog powered by <a href="https://github.com/botherder/habu">habu</a>.</p>
</div>
</div>
</footer>
</body>
</html>
\ No newline at end of file
......@@ -35,7 +35,7 @@
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="#">OTR.im</a>
<a class="navbar-brand" href="/">OTR.im</a>
</div>
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav">
......
......@@ -36,7 +36,7 @@
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="#">OTR.im</a>
<a class="navbar-brand" href="/">OTR.im</a>
</div>
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav">
......@@ -67,7 +67,7 @@
<div class="container-inner">
<h2 class=featurette-heading>OTR capable clients</h2>
<hr class="featurette-divider">
<!-- start otr capable list -->
......
......@@ -35,11 +35,11 @@
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="#">OTR.im</a>
<a class="navbar-brand" href="/">OTR.im</a>
</div>
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav">
<li class="active"><a href="#">Home</a></li>
<li class="active"><a href="/">Home</a></li>
<li><a href="clients.html">Clients</a></li>
<li><a href="chat.html">Chat</a></li>
<li><a href="about.html">About</a></li>
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment