Full Disclosure mailing list archives

Re: Skype chat encryption with OTR

From: JM <ubahmapk () gmail com>
Date: Thu, 19 Jun 2008 08:55:01 -0500

On Thu, Jun 19, 2008 at 01:28, Tonnerre Lombard
<tonnerre.lombard () sygroup ch> wrote:

Salut, rawket,

On Thu, 19 Jun 2008 13:00:49 +1000, rawket wrote:

/There is no denying that an OTR Conversation has been encrypted..
Its because the private keys change ultra-frequently, and the keys
are short lived that it provides the 'plausible deniability'


Not exactly. The plausible deniability is due to the fact that the
signature is executed using a symmetric key known to both parties, so
that either party (but noone else) could have sent the message.

                               Tonnerre


Actually, the shared keys are *published* once they're discarded to
improve plausible deniability.  That lets anyone forge an *old*
message, but ensures you wont' accept a forged message during the
course of the conversation.

From http://www.cypherpunks.ca/otr/Protocol-v2-3.1.0.html


Revealing MAC keys

Whenever you are about to forget either one of your old D-H key pairs,
or one of your correspondent's old D-H public keys, take all of the
receiving MAC keys that were generated by that key (note that there
are up to two: the receiving MAC keys produced by the pairings of that
key with each of two of the other side's keys; but note that you only
need to take MAC keys that were actually used to verify a MAC on a
message), and put them (as a set of concatenated 20-byte values) into
the "Old MAC keys to be revealed" section of the next Data Message you
send. This in done to allow the forgeability of OTR transcripts: once
the MAC keys are revealed, anyone can modify an OTR message and still
have it appear valid. But since we don't reveal the MAC keys until
their corresponding pubkeys are being discarded, there is no danger of
accepting a message as valid which uses a MAC key which has already
been revealed.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Skype chat encryption with OTR Fabio Pietrosanti (naif) (Jun 18)
- Re: Skype chat encryption with OTR Ureleet (Jun 18)
  - Re: Skype chat encryption with OTR Fabio Pietrosanti (naif) (Jun 18)
- <Possible follow-ups>
- Re: Skype chat encryption with OTR rawket (Jun 18)
  - Re: Skype chat encryption with OTR Tonnerre Lombard (Jun 18)
    - Re: Skype chat encryption with OTR Eliah Kagan (Jun 19)
    - Re: Skype chat encryption with OTR rawket (Jun 19)
    - Re: Skype chat encryption with OTR Fabio Pietrosanti (naif) (Jun 19)
    - Re: Skype chat encryption with OTR I)ruid (Jun 19)
    - Re: Skype chat encryption with OTR JM (Jun 19)
    - Re: Skype chat encryption with OTR Tonnerre Lombard (Jun 19)