[OTR-dev] [OTR-users] otr dh key encryption

Gregory Maxwell gmaxwell at gmail.com
Tue Feb 19 14:07:29 EST 2013


On Tue, Feb 19, 2013 at 10:58 AM, Ileana <ileana at fairieunderground.info> wrote:
> Another note on this:  doesn't this destroy your "plausible
> deniability"?  If there is some DSA key stored on my computer, that I
> keep showing to everyone I chat with, and is recoverable if my computer
> is seized...what is deniable about that?
>
> Until someone can explain that to me, I prefer to generate new keys for
> each communication session.

That key is never used to sign your communications.  You end up
effectively only signing short lived symmetrical keying material.
Basically an attacker can show that at some point you participated in
a conversation with a particular symmetrical key... but he could
gladly use that same symmetrical key on as many conversations as he
likes. even ones not involving you... and he can freely author
conversations authenticated with that that key, even ones you're not a
part of.

OTR even includes tools to make forged conversations, so the ability
to modify a capture is not just hypothetical.



More information about the OTR-dev mailing list