From iang@iang.org Fri Jul 6 02:41:27 2018 From: Ian G To: cypherpunks-legacy@lists.cpunks.org Subject: Re: [cryptography] OTR and deniability Date: Fri, 06 Jul 2018 02:41:27 +0000 Message-ID: <172289084019.3849117.10140435503861332122.generated@mail.pglaf.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============1993097941094776296==" --===============1993097941094776296== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable On 14/07/11 12:37 PM, Ai Weiwei wrote: > Hello list, > > Recently, Wired published material on their website which are claimed to be= logs of instant message conversations between Bradley Manning and Adrian Lam= o in that infamous case. [1] I have only casually skimmed them, but did notic= e the following two lines: > > (12:24:15 PM) bradass87 has not been authenticated yet. You should aut= henticate this buddy. > (12:24:15 PM) Unverified conversation with bradass87 started. > > I'm sure most of you will be familiar; this is evidence that a technology k= nown as Off-the-Record Messaging (OTR) [2] was used in the course of these al= leged conversations. > > I apologize if this is off topic or seems trivial, but I think a public dis= cussion of the merits (or lack thereof) of these alleged "logs" from a techni= cal perspective would be interesting. I believe it is germane to anyone designing crypto protocols to understand=20 how they actually impact in user-land. This particular one is a running=20 sore for me because of its outrageous claim of deniability. > The exact implications of the technology may not be very well known beyond = this list. I have carbon copied this message to the defense in the case accor= dingly. > > If I understand correctly, OTR provides deniability, which means that these= alleged "logs" cannot be proven authentic. The *claim made by OTR is to provide technological deniability* as opposed=20 to any non-technological status. Its non-technical deniability is zilch. Unfortunately, outside the technology, it is trivial to prove the logs as=20 authentic. This is confusing for the technologists as they are trying to=20 create a perfect security product, and they believe that technology rules. =20 What they've failed to realise is that real life provides some trivial=20 bypasses, and in this situation, they may very well be creating more harm=20 -- by sucking people into a false sense of security. Design of security systems is tough, it is essential to include the human=20 elements in the protocol, elsewise we end up with elegant but useless=20 features. Sometimes we enter into danger, as is seen with OTR or BitCoin,=20 where a technological elegance causes people to lose their common sense and=20 grasp of reality. > In fact, the OTR software is distributed with program code which makes fals= ifying such "logs" trivial. Is this correct? Dunno. Could be. Evidence of a false sense of security, to me. > What do you think? .... On the specific legal case: well, nothing we see in open press will =20 really be reliable. You're looking at the USG going for broke against a =20 couple of lonely mixed up people who USG mistakenly let near a TS site. It=20 will be a total mess. Mincemeat, fubar, throw away the key. The case will=20 see all sorts of mud thrown up, with both sides trying their darndest to=20 muddy the waters. >From the external pov, there will be no clarity. Nothing really to say or=20 think, except, ... don't make that mistake? Relying on crypto blahblah=20 promises like OTR or PGP when you're about to release a wikileaks treasure=20 trove doesn't sound like rational thinking to me. iang _______________________________________________ cryptography mailing list cryptography(a)randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ----- End forwarded message ----- --=20 Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE --===============1993097941094776296==--