Off-the-Record Messaging (IM plugin)
Hal Finney
hal at finney.org
Thu Dec 16 10:16:27 PST 2004
> Nikita Borisov and Ian Goldberg have released
> Off-the-Record Messaging (http://www.xelerance.com/mirror/otr/),
It looks like Ian Goldberg's site might be a more authoritative source,
http://www.cypherpunks.ca/otr/ .
One interesting feature is authentication + deniability. You know who
you are talking to, but afterwards anyone who captured a transcript can't
prove who said it. Usually we do authentication with digital signatures,
but the problem is that binds you to what you say and it can be used
against you afterwards.
OTR does it by signing the key exchange which creates a MAC key for each
direction. (A MAC is a keyed hash which is then applied to each message.)
Each message gets MAC'd and this way you know that the messages are
authentic and untampered.
This already protects you against your conversant; both of you know the
MAC keys in each direction (one knows them in order to MAC new messages;
the other knows them in order to verify the MAC), so each guy can
forge messages created by the other guy and create a bogus transcript.
That means that neither person can publish a transcript and credibly
claim that it authentically represents what was said.
Then, there's another trick: when you are through with them you publish
your MAC keys, in the clear. This does not compromise secrecy; all of
the data is encrypted with a different key. But it means that now, anyone
could in retrospect forge a transcript showing you saying anything at all.
And that of course means that no such transcript has any credibility in
terms of providing cryptographic evidence of what you said.
Hal
More information about the cypherpunks-legacy
mailing list