[OTR-users] does authentication depend on secrecy of private key
Greg Reagle
reagle at cepr.net
Fri Apr 17 10:53:01 EDT 2015
On Fri, Apr 17, 2015, at 10:41 AM, Daniel Kahn Gillmor wrote:
> Yes, that's correct. OTR will associate any remote peer with access to
> Bob's secret key material as though it were Bob.
>
> Secret keys need to remain secret for any cryptosystem to retain its
> security guarantees, and OTR is no exception.
Then why don't the docs explain this? I assume that the docs are also
for people who want security but don't understand the details of
cryptography? How can the docs claim that "They are also confident that
no one watching the network can read their messages" [1]. That seems
like an obviously false statement to me.
This seems like a major and serious vulnerability to me, and it seems
like the weakest link in the chain. I am not criticizing OTR for having
this vulnerability because, as Daniel wrote, all cryptosystems have it.
But not emphasizing it in the docs seems really deceptive to me.
It is really not that hard for Mallory to get Bob's private key. If he
leaves his computer unattended for 5 minutes Mallory could stick in a
USB flash drive and copy his private key. Or Mallory could use spyware
or some sort of other hacking. Or Bob might include his private key
file in an online backup or Dropbox not realizing it.
[1] https://otr.cypherpunks.ca/help/4.0.0/levels.php?lang=en
--
Greg Reagle
System & Network Administrator
Center for Economic and Policy Research
reagle at cepr.net
More information about the OTR-users
mailing list