[OTR-users] Re: OTR-users digest, Vol 1 #76 - 4 msgs

CLAY SHENTRUP CLAY at BROKENLADDER.COM
Thu Jun 23 12:17:21 EDT 2005 

>This is in fact exactly how it's done now.  :-)

Ah, yes.  I just looked over the protocol PDF again and I see that this
is exactly how it's done.  I should have known better considering the
genius behind OTR. :)  It might be slightly incriminating if it became
obvious that you chose your X_a such that it satisfie a particular e and
n, in Diffie-Hellman terms, but it's hard to envision how strong that
connection would be, or in which scenario that might even come into
play.

As to the anonymity over private server networks, what about scenarios
such as, sending a message (in an encryption shell) to ten people, who
each strip away one layer of encryption, and then send to 10 people, and
so on, until you've reached say, 1000 people.  In this case, many many
people would receive the message, but only the intended recipient would
be able to read it.  I've heard this type of technique, like posting
messages up on a public board where the recipient reads all messages,
and discovers which ones are addressed to him, "shouting" or something
like that.  Even if the NSA or the like were watching this, how feasible
would it be to track down 1000 people, search their hard drives, etc. 
Say you make it 10,000, and constructed it so that all the messages not
going to the intended recipient wouldn't even be the real message.  If
the maximum message size were kept relatively small, this technique
would not seem infeasible.  The bandwidth used would be negligible
compared to steraming audio and many other things that the internet is
used for, especially because it would be so highly distributed.  And the
processing resources to strip away a layer of encryption on a relatively
short stream of text, and then resend it to ten people, would not be a
significant burden upon any given user.  I could certainly be
overlooking some obvious problems, but this scenario doesn't seem
unreasonable to me.

Clay
--------------------------------------------------
ENCRYPTED MESSAGES ARE PREFERRED.  PLEASE USE
THE PGP PUBLIC KEY FOR BROKEN LADDER AT
HTTP://ESKILO.WARPMAIL.NET/

More information about the OTR-users mailing list