cocoaforge

I chat with my buddy with Adium through Jabber. We both have "force OTR encryption" turned on.

However, when one of us initiates a conversation, the conversation window displays the message BEFORE showing "attempting encryption..." and then "conversation encrypted".

My question is: Is the first message in an OTR conversation encrypted?

UPDATE: Nobody has replied yet. Maybe I didn't make myself clear enough. To make it more clear, here is an image that describes what I'm talking about:



My question is: Is my first message (in this case, the dot ".") encrypted, even if the "Encrypted OTR chat initiated" text appeared later?

I have now updated the original question, in order to make it more clear. Thanks in advance.

I've tested this with someone and inspected what was sent and received, and that first message is indeed encrypted. I realize it looks misleading, but that's because we immediately display what you send (without waiting for it to have actually been sent), but an OTR session takes a couple of messages back and forth to initiate, so it takes slightly longer to know the OTR session started successfully (and the message is not actually sent before this is done).

I hope this clears things up for you.

sphynx wrote:I've tested this with someone and inspected what was sent and received, and that first message is indeed encrypted. I realize it looks misleading, but that's because we immediately display what you send (without waiting for it to have actually been sent), but an OTR session takes a couple of messages back and forth to initiate, so it takes slightly longer to know the OTR session started successfully (and the message is not actually sent before this is done).

I hope this clears things up for you.

Thanks for the reply! Yeah it clears things up, but just to make it more clear: You're using the word "message" in two different meanings above, right? When you say "takes a couple of messages back and forth to initiate", that's some other kind of a message, right?

Also, what tool did you use to analyze what data was sent and received?

samd wrote:

sphynx wrote:I've tested this with someone and inspected what was sent and received, and that first message is indeed encrypted. I realize it looks misleading, but that's because we immediately display what you send (without waiting for it to have actually been sent), but an OTR session takes a couple of messages back and forth to initiate, so it takes slightly longer to know the OTR session started successfully (and the message is not actually sent before this is done).

I hope this clears things up for you.

Thanks for the reply! Yeah it clears things up, but just to make it more clear: You're using the word "message" in two different meanings above, right? When you say "takes a couple of messages back and forth to initiate", that's some other kind of a message, right?

Also, what tool did you use to analyze what data was sent and received?

Not exactly, but that how it appears. OTR is made in a way to be completely agnostic of the underlying protocol. When you invite someone to an OTR conversation, what actually happens is that Adium sends a message with something like "OTR: Contactname has invited you to an OTR conversation, but you do not have a plugin for this." You do not see that message that you sent, and if the other end does have support for it, it will intercept this message an reply something to continue the initiation (which will also be hidden from you).

So what I meant to say is: your own, manually typed message, will not be sent until OTR has exchanged some messages for you.

I verified this by opening Adium's debug window (http://trac.adium.im/wiki/CurrentAdiumDebug), which shows everything that is sent for Jabber connections, and starting a conversation with someone while having "Force OTR encryption" on. There were no messages exchanged in plain text (except the invitation message from OTR I just mentioned, of course).