[OTR-dev] *No* evidence of intelligence agency decryption of OTR chats

Ian Goldberg ian at cypherpunks.ca
Tue Dec 30 09:43:22 EST 2014


On Mon, Dec 29, 2014 at 02:14:01PM +0100, Hans-Christoph Steiner wrote:
> 
> Not much to go on here, but I'll add my two bits to the guesswork.
> 
> Like what Ian said, that second transcript looks a lot more like the OTR
> negotiation.  So that is a transcript of the entire chat session.  That would
> begin with OTRv2? and the whole OTR negotiation, which is plain text.  Perhaps
> there might be a couple plain text messages like "hey are you there" before
> OTR started.
> 
> The first transcript could be after one side finished OTR, and the other side
> kept typing.
> 
> I think attacks outside of OTR itself are the most likely culprit as well.
> The NSA analysts do have access to the raw materials, and they are reporting
> that OTR is difficult for them to decode, so that's the good news here.

Good news.

I just talked to Andy Müller-Maguhn here at 31C3, who is one of the
reporters working on this story, and who has access to the unredacted
file.

He says that the non-OTR lines were all separate conversations with
other people (except one line before each, which was content-free to
trigger OTR negotiation).  That is, the target was having simultaneous
conversations with multiple people, one of which used OTR and the others
did not.

So all the OTR messages were in fact undecryptable, while the
conversations that didn't use OTR had their messages recovered.

   - Ian

