[OTR-users] Re: OTR-users digest, Vol 1 #77 - 4 msgs

CLAY SHENTRUP CLAY at BROKENLADDER.COM
Fri Jun 24 13:51:08 EDT 2005


You can easily edit your otr keys file so that the same key is used for
all.  That's what I did.  Then I used different keys for different
locations, in case the NSA cracks into the computer at my San Francisco
hospital office.

-Winston Smith (nyuk nyuk)


--------------------------------------------------
ENCRYPTED MESSAGES ARE PREFERRED.  PLEASE USE
THE PGP PUBLIC KEY FOR BROKEN LADDER AT
HTTP://ESKILO.WARPMAIL.NET/

----- Original message -----
From: otr-users-request at lists.cypherpunks.ca
To: otr-users at lists.cypherpunks.ca
Date: Fri, 24 Jun 2005 06:34:02 -0400
Subject: OTR-users digest, Vol 1 #77 - 4 msgs

Send OTR-users mailing list submissions to
	otr-users at lists.cypherpunks.ca

To subscribe or unsubscribe via the World Wide Web, visit
	http://lists.cypherpunks.ca/mailman/listinfo/otr-users
or, via email, send a message with subject or body 'help' to
	otr-users-request at lists.cypherpunks.ca

You can reach the person managing the list at
	otr-users-admin at lists.cypherpunks.ca

When replying, please edit your Subject line so it is more specific
than "Re: Contents of OTR-users digest..."


Today's Topics:

   1. Re: OTR-users digest, Vol 1 #76 - 4 msgs (CLAY SHENTRUP)
   2. private key for multiple accounts (Olivier Schwander)
   3. Re: private key for multiple accounts (Alex)
   4. Re: private key for multiple accounts (Ian Goldberg)

--__--__--

Message: 1
From: "CLAY SHENTRUP" <CLAY at BROKENLADDER.COM>
To: otr-users at lists.cypherpunks.ca
Date: Thu, 23 Jun 2005 09:17:21 -0700
Subject: [OTR-users] Re: OTR-users digest, Vol 1 #76 - 4 msgs

>This is in fact exactly how it's done now.  :-)

Ah, yes.  I just looked over the protocol PDF again and I see that this
is exactly how it's done.  I should have known better considering the
genius behind OTR. :)  It might be slightly incriminating if it became
obvious that you chose your X_a such that it satisfie a particular e and
n, in Diffie-Hellman terms, but it's hard to envision how strong that
connection would be, or in which scenario that might even come into
play.

As to the anonymity over private server networks, what about scenarios
such as, sending a message (in an encryption shell) to ten people, who
each strip away one layer of encryption, and then send to 10 people, and
so on, until you've reached say, 1000 people.  In this case, many many
people would receive the message, but only the intended recipient would
be able to read it.  I've heard this type of technique, like posting
messages up on a public board where the recipient reads all messages,
and discovers which ones are addressed to him, "shouting" or something
like that.  Even if the NSA or the like were watching this, how feasible
would it be to track down 1000 people, search their hard drives, etc. 
Say you make it 10,000, and constructed it so that all the messages not
going to the intended recipient wouldn't even be the real message.  If
the maximum message size were kept relatively small, this technique
would not seem infeasible.  The bandwidth used would be negligible
compared to steraming audio and many other things that the internet is
used for, especially because it would be so highly distributed.  And the
processing resources to strip away a layer of encryption on a relatively
short stream of text, and then resend it to ten people, would not be a
significant burden upon any given user.  I could certainly be
overlooking some obvious problems, but this scenario doesn't seem
unreasonable to me.

Clay
--------------------------------------------------
ENCRYPTED MESSAGES ARE PREFERRED.  PLEASE USE
THE PGP PUBLIC KEY FOR BROKEN LADDER AT
HTTP://ESKILO.WARPMAIL.NET/


--__--__--

Message: 2
Date: Thu, 23 Jun 2005 21:19:06 +0200
From: Olivier Schwander <olivierschwander-listes at altern.org>
To: otr-users at lists.cypherpunks.ca
Subject: [OTR-users] private key for multiple accounts

Hello,
Why the private key is different for each account?
It should be easier for public key and fingerprint sharing to use a
single key for all accounts.
Is there a security reason to use different keys?

Thanks

Olivier


--__--__--

Message: 3
Date: Thu, 23 Jun 2005 15:31:33 -0400
From: Alex <alex323 at gmail.com>
To: Olivier Schwander <olivierschwander-listes at altern.org>,
        otr-users at lists.cypherpunks.ca
Subject: Re: [OTR-users] private key for multiple accounts

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigBA2FAE8970DD9A099F9BA409
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

In my opinion, I like multiple keys. If your private key is stolen, all
of your IM accounts on all protocols are at risk. If you just lose one
key (MSN let's say), then you just tell people to talk to you on AIM or
something.

Olivier Schwander wrote:

>Hello,
>Why the private key is different for each account?
>It should be easier for public key and fingerprint sharing to use a
>single key for all accounts.
>Is there a security reason to use different keys?
>
>Thanks
>
>Olivier
>
>_______________________________________________
>OTR-users mailing list
>OTR-users at lists.cypherpunks.ca
>http://lists.cypherpunks.ca/mailman/listinfo/otr-users
>

--------------enigBA2FAE8970DD9A099F9BA409
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iQIVAwUBQrsOFYNsvbPFJtOPAQPK4g//TqHqkKYJ3THvdw9yeJtoeMsvqAgYPMyx
9Y2bPTBc0EexWk+0IQ2bjTs3QFQW9zbN7h72h6ptB8usQLdVUA/fygNZuOLLf+wA
m1+3Rgk78WsVbMGYGLAwWHJUAjY+eHDOxraBw8eVvkLa3qGsSXSOx5THOtmmZVu7
l+JW9bb+YLHZBG95YSIObLeKfjGBUOsprUKtzorPlK5MzW5JLmJ4uLYt6GIKQNYi
+uK/DQRJ+sGyZmyfgAhu271OkcDpfGm2u90S4jXC8O8xbh7cKYIWWoe0aCZQuwX1
bUXIL6+OX6bYJZrdygHff9nmdFQthoeaEFJFaSoRgAIwJankzMid2l6vGrDTFlvw
8hH15XEq7c6Ob6Ow3giJEvmFwlivLgoePQFqDbOLAA6N6B3F2PxExSmbHG7srZYl
KCPCS5gB4mLnoV9Ij4harxBVTG0hOnsiMG+N7xKSAkTninOacX8ReIfFsIAl1kt9
ttkPhbBWcNfVPtDj1ZMOXiZyRieoaS/woJs79Pv1nxcVAufRR1CPQX03aDgsLidN
AyrNr0a2GHqda5W+TvDkH/GDUQR/mYU0JwXWSPf4PQnbGYi3VbvXaNea4BOOezvJ
r1f8H/0VQnshA25VEerVC9fLf7M7WrBP/Qog0b4PEwkm9reXPvuZgpkA0Q0hDiyb
TlO0bQVfnm4=
=+K8s
-----END PGP SIGNATURE-----

--------------enigBA2FAE8970DD9A099F9BA409--

--__--__--

Message: 4
Date: Thu, 23 Jun 2005 16:39:53 -0400
To: otr-users at lists.cypherpunks.ca
Subject: Re: [OTR-users] private key for multiple accounts
From: Ian Goldberg <ian at cypherpunks.ca>

On Thu, Jun 23, 2005 at 09:19:06PM +0200, Olivier Schwander wrote:
> Hello,
> Why the private key is different for each account?
> It should be easier for public key and fingerprint sharing to use a
> single key for all accounts.
> Is there a security reason to use different keys?

There is.  Some people have multiple IM accounts that they don't want it
to be obvious that they're actually the same person.  For example,
someone may have the accounts MarkFeltFBI and DeepThroat.  If the
private
key was shared for all the user's accounts, it would be obvious that
they're the same person.  This way, they can be kept separate.  [Of
course, he'd likely have to use something like Tor as well, to hide his
IP.]

   - Ian


--__--__--

_______________________________________________
OTR-users mailing list
OTR-users at lists.cypherpunks.ca
http://lists.cypherpunks.ca/mailman/listinfo/otr-users


End of OTR-users Digest



More information about the OTR-users mailing list