[OTR-dev] Evidence of intelligence agency decryption of OTR chats
Hans-Christoph Steiner
hans at guardianproject.info
Mon Dec 29 08:14:01 EST 2014
Not much to go on here, but I'll add by two bits to the guesswork.
Like what Ian said, that second transcript looks a lot more like the OTR
negotitation. So that is a transcript of the entire chat session. That would
begin with OTRv2? and the whole OTR negoitation, which is plain text. Perhaps
there might be a couple plain text messages like "hey are you there" before
OTR started.
The first transcript could be after one side finished OTR, and the other side
kept typing.
I think attacks outside of OTR itself are the most likely culprit as well.
The NSA analysts do have access to the raw materials, and they are reporting
that OTR is difficult for them to decode, so that's the good news here.
.hc
Gregory Maxwell:
> http://www.spiegel.de/media/media-35552.pdf
>
> From http://www.spiegel.de/international/world/nsa-documents-attacks-on-vpn-ssl-tls-ssh-tor-a-1010525.html
>
> The fact that they appear to have decrypted some but not all messages
> in a log suggests to me that this is not a host compromise, or an
> MITM. But potentially an attack on 1024 bit DH or AES-CTR?
> _______________________________________________
> OTR-dev mailing list
> OTR-dev at lists.cypherpunks.ca
> http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
>
--
PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81
https://pgp.mit.edu/pks/lookup?op=vindex&search=0x9F0FE587374BBE81
More information about the OTR-dev
mailing list