[OTR-users] Is Encryption Limited to Text?
Ian Goldberg
ian at cypherpunks.ca
Mon Mar 19 08:26:59 EDT 2007
On Mon, Mar 19, 2007 at 11:59:35AM +0900, Stephen Perdue wrote:
> Greetings all,
>
> Forgive what may seem a too obvious question. I read the OTR web
> page top to bottom, browsed the last year of the list archive, and
> scanned the less technical parts of the "Why Not To Use PGP" paper.
>
> Can OTR handle any data that's passed through it (e.g. video chat,
> file transfer), or is it limited specifically to text chat?
>
> The envisioned scenario is iChat + OTR proxy on an Intel MacBook at
> one end and Trillian Pro + OTR plug-in on WinXP at the other, but I'd
> welcome any insights outside those conditions as well.
At this time, OTR only protects your IM messages, not video or file
transfer. I believe Paul's trying to get someone to work on file
transfer, but I don't know of anyone working on video. The same
mechanism (use OTR to generate session keys, and encrypt/MAC with them,
publish the MAC key later) would work for both; you may want to rotate
keys now and again for a long video chat. But I have no idea what the
video chat API looks like, since AFAIK, gaim doesn't support it yet.
> While I'm at it, it looks two people have reported issues running OTR
> Proxy on Intel MacBooks. Has anyone else had issues? Can anyone
> report smooth operation?
Some people reported that the Motorola code had issues on Intel machines
under emulation, but others found it fine. Somebody posted a link to a
native Intel binary, though, if I remember correctly.
> If OTR is not suitable, any other suggestions for reasonably private
> video chat? (I use Skype now but find it a bit flakey.) I have no
> expectation of selective attack, just everyday privacy concerns. I
> can live without deniability/forgeability since I'm certainly beneath
> the interest of anyone with the resources to convincingly forge video.
Back In The Day (the 90's), I used vic for video chat, which supported
at least some encryption (DES at the time). I bet you'd be hard-pressed
to get it to still work today, though.
- Ian
More information about the OTR-users
mailing list