[OTR-dev] Voice/Video OTR (was Re: Codec2 and OTR)

[Peter Fairbrother]

On 15/02/13 23:27, Peter Lawler wrote:
>  I'm semi-committed to hacking on this with one of the more prolific
> Pidgin plugin authors over the next few months. One thing I had already
> though about would be investigating along the way would be how OTR could
> hook in to this as well. However as I'm at about the same stage with
> that as I was last night with my thought bubble. In deference to the
> list, I've renamed this thread to look a bit more broadly at encrypting
> voice/video somehow.

Ok then, just a general thought or two - I don't know whether CODEC2 is 
rate-adaptive, but rate-adaptive codecs are a cryptographic no-no. It 
may be possible to reconstruct the words from the rate patterns, see eg:
http://www.cs.unc.edu/~fabian/papers/foniks-oak11.pdf

If not words then eg sentence structure may be discernable, or 
sufficient phrasing timing to identify an individual, even through the 
crypto.


Also, encrypted broadcast radio and voice chatting have different 
requirements for codecs - in broadcast radio there is no requirement for 
low latency so a guaranteed-delivery transport layer like TCP can be 
used, whereas low-latency is essential in voice chatting and it is 
usually necessary to use a fast non-guaranteed protocol like UDP.

This affects the actual crypto used, as in the latter case the crypto 
has to be able to cope with dropped packets. In the high-latency case it 
may be better to die quietly if the entire stream cannot be 
reconstructed, as an active attacker might be able to erase an 
occasional "not".


That said, I don't see any fundamental reason why OTR's key exchange etc 
mechanisms (as I understand them - I am a bit out-of-date) could not be 
reused for chat or broadcast voice.


-- Peter Fairbrother