From kristofer at rbgi.net Tue Jun 5 07:25:00 2007 From: kristofer at rbgi.net (Kristofer =?iso-8859-1?Q?=C5berg?=) Date: Tue, 5 Jun 2007 13:25:00 +0200 (CEST) Subject: [OTR-users] Plugin for Pidgin Portable? Message-ID: <3685.213.66.149.17.1181042700.squirrel@mail.rbgi.net> Really good plugin! Though I couldn't get it to work with Pidgin Portable, and that would be really good as well. Can this be done? I downloaded Pidgin Portable from here: http://www.romantika.name/v2/2007/05/09/my-version-of-pidgin-portable/ / K. From paul at xelerance.com Thu Jun 7 09:50:43 2007 From: paul at xelerance.com (Paul Wouters) Date: Thu, 7 Jun 2007 09:50:43 -0400 (EDT) Subject: [OTR-users] mICQ supports OTR as of version 0.5.4 In-Reply-To: References: <20070607120621.GA18424@msgids.ruediger-kuhlmann.de> Message-ID: On Thu, 7 Jun 2007, Paul Wouters wrote: > URL? Is it integrated in mirq now? To answer my own question: http://www.micq.org/ mICQ release 0.5.4 http://freshmeat.net/projects/micq/?branch_id=6390&release_id=255096 mICQ (Matt's ICQ Clone) is a portable, small, yet powerful console-based ICQ client. It supports password changing, auto-away, creation of new accounts, and other features that makes it a very complete yet simple client. It is able to send and receive messages from the ICQ network, list users that are offline and online (including their online status), search for users by email address, and look up basic (name, UIN, email) information. Release focus: Major feature enhancements Changes: Support for XMPP (a.k.a. Jabber or Google Talk) and for OTR was added. Can someone link this information on the OTR page? Paul From ian at cypherpunks.ca Thu Jun 7 18:15:13 2007 From: ian at cypherpunks.ca (Ian Goldberg) Date: Thu, 7 Jun 2007 18:15:13 -0400 Subject: [OTR-users] Plugin for Pidgin Portable? In-Reply-To: <3685.213.66.149.17.1181042700.squirrel@mail.rbgi.net> References: <3685.213.66.149.17.1181042700.squirrel@mail.rbgi.net> Message-ID: <20070607221513.GA6913@yoink.cs.uwaterloo.ca> On Tue, Jun 05, 2007 at 01:25:00PM +0200, Kristofer ?berg wrote: > Really good plugin! Though I couldn't get it to work with Pidgin Portable, > and that would be really good as well. Can this be done? > > I downloaded Pidgin Portable from here: > > http://www.romantika.name/v2/2007/05/09/my-version-of-pidgin-portable/ Can you say what kind of error you're seeing? Can you run "pidgin -d"? - Ian From tronica at gmail.com Mon Jun 11 02:19:12 2007 From: tronica at gmail.com (Monica Barratt) Date: Mon, 11 Jun 2007 16:19:12 +1000 Subject: [OTR-users] Encryption Guide Message-ID: Just letting you know that my Encryption Guide is now online here: http://www.ndri.curtin.edu.au/drugsonforums/encryption.html Thanks to everyone who helped with it. I'll be conducted research interviews online over the next few months, and will provide some feedback as to the use of OTR in this context. cheers monica ---------- Forwarded message ---------- From: Monica Barratt Date: 25-Feb-2007 20:07 Subject: Request for review of Encryption Guide To: otr-users at lists.cypherpunks.ca Hi OTR-users Would anyone on this list be prepared to look over a document I've put together which explains the need for encryption email/IM and various ways of doing it (with focus on OTR for IM)? I'm going to use it whilst recruiting research participants for my PhD project. My project relates to recreational drug use and participation in online forums / bulletin boards where drugs are discussed (see http://db.ndri.curtin.edu.au/research.asp?resprtyid=12&typeid=1&projid=390 for further description). The document aims to provide an option to suit research participants with varied levels of concern about privacy, hence I have mentioned sub-optimal options such as using an email address or log-in details that are not connected to real names should participants be unable/unwilling to use encryption. I intend to distribute this document to people who have expressed an interest in participation, as well as upon the forthcoming project website. So it will be public and given it heavily promotes OTR, I also thought it would be great to include an endorsement from someone from the OTR team at the end of the document. I'm a psychology graduate without any formal training in data security - so for my own peace of mind, I am keen to have the document endorsed too. A senior IT member of staff at my university has looked at my procedures, but not really in enough detail to satisfy me! Here is a link to it: http://savefile.com/files/516341 Primarily I'm interested in fixing any statements that are incorrect, but also in any other ideas anyone has about clarity/usability. Comments on my project are welcome too! thanks monica From tegwe002 at umn.edu Mon Jun 11 10:05:27 2007 From: tegwe002 at umn.edu (Joelle Tegwen) Date: Mon, 11 Jun 2007 09:05:27 -0500 Subject: [OTR-users] Bug: malformed data message infinite loop on long email Message-ID: <466D56A7.6060402@umn.edu> I'm using Off-the-Record Messaging 3.0.0 on Gaim v1.5.0-16.fc5 Using the Yahoo protocol (if that matters) when I send a very long url like http://www.edinarealty.com/Listing/ListingDetail.aspx?Search=d57e1215-b8f9-4642-afc0-7452eb372798&Listing=21604589&IRPAgentID=&Image=1&First=1&Last=1&pagesize=10&SearchType=&ListingDistrictTypeID=&FirstLetter=&Sort=6&Cookies= I get in an infinite loop of the following messages. (08:48:37)* OTR Error: You transmitted a malformed data message* (08:48:38)* Successfully refreshed the private conversation with [buddy].* (08:48:38)* The last message to **[buddy]** was resent. I had to shut down gaim completely to make it stop. Do I need to do anything else to report a bug? Thanks Joelle * From alex323 at gmail.com Mon Jun 11 11:01:24 2007 From: alex323 at gmail.com (Alex) Date: Mon, 11 Jun 2007 11:01:24 -0400 Subject: [OTR-users] Encryption Guide In-Reply-To: References: Message-ID: <20070611110124.081415c4@darwin> On Mon, 11 Jun 2007 16:19:12 +1000 "Monica Barratt" wrote: > Just letting you know that my Encryption Guide is now online here: > http://www.ndri.curtin.edu.au/drugsonforums/encryption.html I noticed that you said OTR was an "encryption program" in the Instant Messaging section. Encryption is part of OTR, but not all of OTR. OTR provides authentication, deniability, encryption, and perfect forward secrecy. I would rephrase it to say that OTR is a "instant message security application." Just my two cents. -- Alex -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 827 bytes Desc: not available URL: From tronica at gmail.com Mon Jun 11 20:12:20 2007 From: tronica at gmail.com (Monica Barratt) Date: Tue, 12 Jun 2007 10:12:20 +1000 Subject: [OTR-users] Encryption Guide In-Reply-To: <20070611110124.081415c4@darwin> References: <20070611110124.081415c4@darwin> Message-ID: Thanks Alex. Any other feedback is welcome. I'll look to incorporate any changes after our discussion. You can see that I haven't gone into the detail of why OTR is preferred, or into its components (authentication, deniability, encryption, perfect forward security). Some people will be overwhelmed by the amount of detail already included, so I figure people who are keen for more information can read into it on the OTR website I've linked to. I've already had one interviewee who has expressed an interest in installing it. Hopefully it will grow from there! cheers monica On 12/06/07, Alex wrote: > > On Mon, 11 Jun 2007 16:19:12 +1000 > "Monica Barratt" wrote: > > > Just letting you know that my Encryption Guide is now online here: > > http://www.ndri.curtin.edu.au/drugsonforums/encryption.html > > I noticed that you said OTR was an "encryption program" in the Instant > Messaging section. Encryption is part of OTR, but not all of OTR. OTR > provides authentication, deniability, encryption, and perfect forward > secrecy. I would rephrase it to say that OTR is a "instant message > security application." Just my two cents. > > -- > Alex > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nix at go-nix.ca Tue Jun 12 17:27:47 2007 From: nix at go-nix.ca (Gabriel Schulhof) Date: Wed, 13 Jun 2007 00:27:47 +0300 Subject: [OTR-users] Packaging gaim-otr Message-ID: <1181683667.29505.2.camel@localhost.localdomain> Hi! I maintain a Pidgin distribution for Internet tablets (http://pidgin.garage.maemo.org/). I would like to ship OTR as part of my distribution. libotr builds fine, but gaim-otr looks for gaim.pc which, of course, is gone. Is there a version of OTR that works with Pidgin? TIA, Gabriel P.S.: Tarball versions: gaim-otr-3.0.0.tar.gz libotr-3.0.0.tar.gz From nix at go-nix.ca Tue Jun 12 19:08:56 2007 From: nix at go-nix.ca (Gabriel Schulhof) Date: Wed, 13 Jun 2007 02:08:56 +0300 Subject: [OTR-users] Packaging gaim-otr In-Reply-To: <466F2342.1020203@rbgi.net> References: <1181683667.29505.2.camel@localhost.localdomain> <466F2342.1020203@rbgi.net> Message-ID: <1181689736.29505.9.camel@localhost.localdomain> Hi, Kristofer! On Wed, 2007-06-13 at 00:50 +0200, Kristofer ?berg wrote: > >From the web site: > > "6 May 2007: We now have an installer for the Pidgin 2.0.0 plugin." ... and that's a link to a Windoze .exe file. I need to build the Pidgin plugin for an armel platform from source. This does not work with the tarballs I mentioned in my previous email (gaim-otr-3.0.0.tar.gz). Gabriel From ian at cypherpunks.ca Tue Jun 12 20:34:57 2007 From: ian at cypherpunks.ca (Ian Goldberg) Date: Tue, 12 Jun 2007 20:34:57 -0400 Subject: [OTR-users] Packaging gaim-otr In-Reply-To: <1181689736.29505.9.camel@localhost.localdomain> References: <1181683667.29505.2.camel@localhost.localdomain> <466F2342.1020203@rbgi.net> <1181689736.29505.9.camel@localhost.localdomain> Message-ID: <20070613003457.GA5911@yoink.cs.uwaterloo.ca> On Wed, Jun 13, 2007 at 02:08:56AM +0300, Gabriel Schulhof wrote: > Hi, Kristofer! > > On Wed, 2007-06-13 at 00:50 +0200, Kristofer ?berg wrote: > > >From the web site: > > > > "6 May 2007: We now have an installer for the Pidgin 2.0.0 plugin." > ... and that's a link to a Windoze .exe file. > > I need to build the Pidgin plugin for an armel platform from source. > This does not work with the tarballs I mentioned in my previous email > (gaim-otr-3.0.0.tar.gz). We're working on an official pidgin-otr release. If you need something quicker, CVS is the best I can offer for now. - Ian From paul at cypherpunks.ca Wed Jun 13 11:57:23 2007 From: paul at cypherpunks.ca (Paul Wouters) Date: Wed, 13 Jun 2007 11:57:23 -0400 (EDT) Subject: [OTR-users] Packaging gaim-otr In-Reply-To: <1181683667.29505.2.camel@localhost.localdomain> References: <1181683667.29505.2.camel@localhost.localdomain> Message-ID: On Wed, 13 Jun 2007, Gabriel Schulhof wrote: > I maintain a Pidgin distribution for Internet tablets > (http://pidgin.garage.maemo.org/). I would like to ship OTR as part of > my distribution. libotr builds fine, but gaim-otr looks for gaim.pc > which, of course, is gone. > > Is there a version of OTR that works with Pidgin? Grab the source rpm from the Fedora repository. It has the source and the patches to make it work. (Use the source rpm from Fedora 7). Paul From cannonfodder at hush.com Sat Jun 16 13:07:59 2007 From: cannonfodder at hush.com (cannonfodder at hush.com) Date: Sat, 16 Jun 2007 13:07:59 -0400 Subject: [OTR-users] Support for Finch or other CLI clients Message-ID: <20070616170759.98FA922825@mailserver9.hushmail.com> Now that the first CLI IM client to support OTR, mICQ, is out, are there any plans to add support for Finch? Maybe somebody with more C experience could look at mICQ's implementation and figure out how to get OTR to work with Finch. Are there any other CLI clients that support OTR (without using a proxy, which requires X) that may be out there already? -- Why not be a nutritionist? Get your degree fast. Click here! http://tagline.hushmail.com/fc/CAaCXv1aE8Oh15KKFdn8bUPenPRs9JDp/ From ian at cypherpunks.ca Sat Jun 16 21:42:44 2007 From: ian at cypherpunks.ca (Ian Goldberg) Date: Sat, 16 Jun 2007 21:42:44 -0400 Subject: [OTR-users] Support for Finch or other CLI clients In-Reply-To: <20070616170759.98FA922825@mailserver9.hushmail.com> References: <20070616170759.98FA922825@mailserver9.hushmail.com> Message-ID: <20070617014244.GZ6245@yoink.cs.uwaterloo.ca> On Sat, Jun 16, 2007 at 01:07:59PM -0400, cannonfodder at hush.com wrote: > Now that the first CLI IM client to support OTR, mICQ, is out, are > there any plans to add support for Finch? Maybe somebody with more > C experience could look at mICQ's implementation and figure out how > to get OTR to work with Finch. It should actually be much easier to get OTR to work with Finch than it sounds like it was to get it to work with mICQ, since Finch also uses libpurple. The pidgin-otr plugin already has a logic / UI separation (this used to be important for Adium X; I don't know if it still is), so "all" you should have to do is make a text-based interface to the configuration, dialogs, etc. > Are there any other CLI clients that support OTR (without using a > proxy, which requires X) that may be out there already? I don't know of any others. - Ian From joerg.hermsdorf at inf.tu-dresden.de Fri Jun 29 13:10:22 2007 From: joerg.hermsdorf at inf.tu-dresden.de (Joerg Hermsdorf) Date: Fri, 29 Jun 2007 19:10:22 +0200 Subject: [OTR-users] Can Bob break Alice's plausible deniability? Message-ID: <200706291910.22852.joerg.hermsdorf@inf.tu-dresden.de> Hi all, I installed the OTR plugin for kopete yesterday and had a deeper look at the OTR protocol. I couldn't find an answer to my following question in the docs, so I decided to post it here. Imagine the following scenario: Alice and Bob had an OTR conversation over ICQ. Let's assume the messages are sent over a central ICQ server which records all of Alice's conversations. Imagine Bob doesn't play after the rules and recorded every shared secret they used in their conversation. Together with the ICQ operators Bob can prove to any third party what Alice said. How? Imagine the ICQ server has a legally authorized and approved message recording system. Together with Alice's and Bob's Internet Service Providers, the ICQ operators can prove that a certain set of OTR (ciphertext) messages was sent from Alice's IP address to the ICQ server and delivered to Bob's IP address. Now Bob comes into the game and states, he has got the encryption keys for the messages sent by Alice. The keys presented by Bob indeed reveal a meaningful conversation. At this point Alice intervenes and says: "You can't believe Bob! I can give you the real encryption keys for our conversation, too! Indeed I can give you keys for any conversation of the same length one can imagine!" (plausible deniability) Bob counters: "But does your keys also produce the MACs that were sent with your messages?" I think here's the problem which breaks plausible deniability, because the MAC keys MK are always derived from the encryption keys EK. EK = H(SS), MK = H(EK) // according to sheet 19 of http://www.cypherpunks.ca/otr/otr-codecon.pdf Bob can prove, that the keys he presents, produce a meaningful plaintext conversation AND that the MAC keys derived from those encryption keys are exactly the ones, which produce the MACs that were sent with Alice's messages and they are exactly the ones which Alice always published a few messages later. I'm not sure if any court would accept the fact, that there is the low probability of a collision and that Bob was the luky one who found those false encryption keys, that: a) produce a meaningful plaintext conversation b) produce derived MAC keys, which are exactly the ones Alice published with subsequend messages and produce the MACs Alice sent with her messages If there's no logical error in my consideration, the conclusion would be to not derive the MAC keys from the encryption keys, but to: a) use a second Authenticated Key Exchange (AKE) to generate MAC keys which are independent from the encryption keys b) use the long lived private keys to sign the ciphertext messages Well, b) wouldn't allow Alice to deny that she sent a certain ciphertext message, because all messages she sent are signed with her private key. But that's everything a third party can be sure of. It would allow authenticated messages between Alice and Bob and it would allow Alice to generate valid encryption keys for arbitrary plaintext messages of the same length => plausible deniability. Nobody could prove that Bob revealed the "right" encryption keys that were actually used in the conversation between Alice and Bob. Regards, J?rg. From ian at cypherpunks.ca Fri Jun 29 14:37:07 2007 From: ian at cypherpunks.ca (Ian Goldberg) Date: Fri, 29 Jun 2007 14:37:07 -0400 Subject: [OTR-users] Can Bob break Alice's plausible deniability? In-Reply-To: <200706291910.22852.joerg.hermsdorf@inf.tu-dresden.de> References: <200706291910.22852.joerg.hermsdorf@inf.tu-dresden.de> Message-ID: <20070629183707.GM6400@thunk.cs.uwaterloo.ca> On Fri, Jun 29, 2007 at 07:10:22PM +0200, Joerg Hermsdorf wrote: > Hi all, > > I installed the OTR plugin for kopete yesterday and had a deeper look at the > OTR protocol. I couldn't find an answer to my following question in the docs, > so I decided to post it here. > > Imagine the following scenario: > Alice and Bob had an OTR conversation over ICQ. Let's assume the messages are > sent over a central ICQ server which records all of Alice's conversations. > Imagine Bob doesn't play after the rules and recorded every shared secret > they used in their conversation. Together with the ICQ operators Bob can > prove to any third party what Alice said. How? But IP addresses are totally insecure. I can grab the first few packets of any OTR conversation Alice has (with me, for sure, and possibly with anyone at all; I'd have to think more about this), and use it to completely forge an entirely new conversation between "Alice" and me (using the toolkit that comes with OTR software). Because the MAC keys are published a few packets on, I can modify the "next D-H pubkey" field of the first message after her signature, and from then on, I can completely fake everything. I then play that conversation through the real ICQ servers (and loggers), forging Alice's IP address on the packets that are supposed to come from her. That all being said, courts accept plaintext logs with no authentication all the time. The point of OTR's methodology is that it gives you the same deniability as plaintext, while at the same time, giving the participants strong authentication *during* the conversation. Does that make sense? - Ian