[OTR-users] OTR and CHAT question

Paul Wouters paul at cypherpunks.ca
Mon Jan 29 23:44:32 EST 2007


On Mon, 29 Jan 2007, Robert Ryan wrote:

> The difference being that the PGP key is only decrypted for as long as
> it takes to decrypt a single message. It is never stored to disk. PGP
> also takes special pains to protect the memory location it is decrypted
> to. By default the memory is wiped after it is used.

That doesn't help against the key logger trojan.

> The OTR key file must remain decrypted for the entire conversation.

Does it? I thought once the OTR session has started, it is no longer
needed until a new user needs to be identified? After all, OTR doesn't
use signed messages by the OTR key.

> is a plain text file that anyone can read or write.

On a real OS, only the user itself can read/write it :)

> It is stored, in the
> open, on disk. You have to be careful that you wipe the decrypted
> version at the end.

Having a passphrase on the disk would be a good feature. Though the security
is very limited. How many people still use a pincode on their phone? I
realised years ago I never turn off my phone, so whoever steals my phone
can use it without limitations as long as it stays powered up. The pincode
adds no protection (and by now I don't set it anymore). Another example is
my laptop's SSH agent. It runs most of the time, and has my ssh passphrase
credentials so I can ssh without retyping the key passphrase all the time.
Now with that, I'm a little bit more careful. When going to public events,
I disable it. But if someone breaks into my house, there is a good chance
my ssh agent is running with some privs. OTR would have these issues too,
as everyone leaves their IM client running overnight, or through laptop
suspensions. And having to type a passphrase per application will just
mean people start using one passphrase for all their applications.

> But I do need to know that the Alex who sent this message is the same as
> the one who sent the message on Jan 26. The OTR fingerprint only
> identifies you, it does not authenticate you.
> Authentication involves something only you know like a PIN or passphrase.

You could use FileVault or whatever the Windows/Linux equivalent is to
using an encrypted home directory. fuse or pgp-disk or something.

> It's worse than that, it would only take a few moments to walk off with
> the keyfile itself. If that happens there is no way to revoke the key!

The person still needs the password to the IM account as well. Perhaps even
needing your profile photo from your laptop. And he would need you not
telling your friends your old key was stolen. You could change your IM
password and make its title "OTR KEY STOLEN, please delete".

I don't think OTR should become Yet Another PKI. Though I would like to
see some way of using OTR to kickstart other identity issues. For instance
agreeing on a temporary symmetric key (for SIP encryption or a file download).

Paul
