[OTR-users] Otr

Carman Carman carman.carman at yahoo.com
Mon Dec 24 00:07:24 EST 2007


--- Ian Goldberg <ian at cypherpunks.ca> wrote:

> On Tue, Dec 18, 2007 at 10:17:07PM -0800, Carman Carman wrote:
> > > If you encrypt messages directly with a long-term public key (like PGP
> > > usually does), you lose the perfect forward secrecy property.  Suppose
> > > someone (say, the IM server operator) is recording all of your
> > > incoming (encrypted) messages. Then, perhaps months later, they manage
> > > to steal your long-term private key, say via a targeted virus.  Now
> > > they can *retroactively* decrypt those months' worth of messages.
> > >
> > I meant that it could still be a short term key just a
> > public one.
>
> That's effectively what OTR *does* do.  The short-term Diffie-Hellman
> keys are public keys, and they're used to derive the symmetric session
> keys that are used for encryption and authentication.
>
It was what I read in your paper about your wanting to
make it so that anyone could be encrypting messages
with the same keys as Alice and Bob. I thought that if
you used public keys to actually really be encrypting
the messages then anyone easily could be making
messages exactly like Alice and Bob.

> > If you used public keys I thought that it would be
> > easier for other ones to encrypt messages with the
> > same key. Then I was thinking that if the MAC keys
> > were gone the other ones wouldn't have to wait for the
> > keys to be published they could use any key and no one
> > could be knowing which key was Alice's. It would be
> > better if they didn't have to wait, wouldn't it?
>
> I'm not sure I see what you're saying.  The point of publishing the MAC
> keys is that, even if the adversary was involved in the conversation,
> and does know all of Alice's public information, he still can't produce
> a convincing transcript.
>
> 
It just seems to me that publishing the MAC keys
doesn't really make more refutations for Alice. In
fact, because it doesn't make a true symmetry between
Alice's messages and those of a third party an
eavesdropper can distinguish them by knowing something
about when they were sent.

>    - Ian
> 
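
The effect of publishing a MAC key that this thread discusses, as an added example that is not part of the original messages or of the OTR code: short-term DH keys derive the session keys, and once the MAC key is public a valid tag no longer shows who wrote a message. The toy group (`P`, `G`), the SHA-256 keystream standing in for a real stream cipher, the key derivation, and all function names are assumptions made for this sketch.

```python
import hashlib, hmac, secrets

# Toy Diffie-Hellman group (assumption): illustration only, far too small for real use.
P, G = 2**127 - 1, 3

def dh_keypair():
    x = secrets.randbelow(P - 2) + 1          # short-term private exponent
    return x, pow(G, x, P)                    # (private, public)

def session_keys(priv, peer_pub):
    # Both sides derive the same symmetric keys from the shared DH secret.
    s = pow(peer_pub, priv, P).to_bytes(16, "big")
    enc = hashlib.sha256(b"enc" + s).digest()
    return enc, hashlib.sha256(b"mac" + enc).digest()

def keystream_xor(key, data):
    # SHA-256 counter keystream (stand-in cipher); XOR encrypts and decrypts.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal(enc, mac, plaintext):
    ct = keystream_xor(enc, plaintext)
    return ct, hmac.new(mac, ct, hashlib.sha256).digest()

def verify(mac, ct, tag):
    return hmac.compare_digest(hmac.new(mac, ct, hashlib.sha256).digest(), tag)

def retag_with_published_key(ct, published_mac, old_text, new_text):
    # Needs only a recorded ciphertext, a guess at its plaintext, and the published MAC key.
    new_ct = bytes(c ^ o ^ n for c, o, n in zip(ct, old_text, new_text))
    return new_ct, hmac.new(published_mac, new_ct, hashlib.sha256).digest()

def demo():
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    enc_a, mac_a = session_keys(a_priv, b_pub)
    enc_b, mac_b = session_keys(b_priv, a_pub)
    ct, tag = seal(enc_a, mac_a, b"meet at noon")   # constructed sample message
    live_ok = verify(mac_b, ct, tag)                # Bob authenticates it during the session
    # Later the keys are rotated and the old MAC key is published (mac_a is now public).
    f_ct, f_tag = retag_with_published_key(ct, mac_a, b"meet at noon", b"meet at nine")
    return live_ok, verify(mac_b, f_ct, f_tag), keystream_xor(enc_b, f_ct)

if __name__ == "__main__":
    print(demo())
```

During the session the tag authenticates Alice to Bob; after the key is published the same check passes for the altered message, so a recorded transcript with valid tags proves nothing about authorship.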









