[OTR-users] [OTR-dev] otr dh key encryption
Ileana
ileana at fairieunderground.info
Tue Feb 19 16:14:51 EST 2013
On Tue, 19 Feb 2013 02:58:50 -0500
Alex <alex323 at gmail.com> wrote:
> I never understood how the denyability aspect of OTR actually works.
> If you have a conversation with a "friend" who recently became an
> informant, how would OTR provide more denyability than an unencrypted,
> unsigned conversation?
>
> Sadly, I don't think the US government really cares if you have
> denyability, they'll do whatever they damn well please. :(
What the US gov (or any other snooper) does or doesn't do is irrelevant
to the conversation in the sense this is just about best practices and
mathmatics which should apply to any adversary. OTR was never supposed
to help if you are tortured into talking, I don't think.
At my first glance, OTR seems to mesh very well with the anonymity
goals one would have when using tor.
Well, I am trying to create a communication methodology for sparse
groups of people. I was thinking of making OTR a part of the
recommendation. You can see https://fairieunderground.info/node/133
for the full specs... using this method, PGP mail is the main
authentication, and then otr is used for actual communication since it
uses temporary keys.
Actually anything that actually provides strong
authentication/encryption is used for scheduling "otr"
conversations...or any other method that uses temporary encryption keys.
This is an aid to forward secrecy, and is also an aid against traffic
analysis. (Just knowing who is communicating with who and when).
I was just reviewing whether or not otr or torchat meets forward
security recommendations, which neither of them really do (so it
seems). Perhaps I should just recommend to use some other side channel
with throw-away PGP RSA asymmetric keys exchanged over authenticated PGP
email. This would require posting encrypted PGP messages to some
public forum, USENET group, or such.
For just an extra layer of security (and to get pfs) I am
reluctant to exchange symmetric keys over PGP email...people are only
so good at keeping cryptographic keys secure...so it has to be dh. OTR
seems ideal for this model, if I felt better about its cryptographic
strength.
Thanks,
Ileana
More information about the OTR-users
mailing list