Paradigms for Paranoids

R.A. Hettinga rah at
Tue Feb 15 05:36:01 PST 2005


The Register

 Biting the hand that feeds IT

Paradigms for Paranoids
By Team Register (feedback at
Published Monday 14th February 2005 22:15 GMT

Codecon 2005 The fourth annual CodeCon - "a workshop for developers of
real-world applications that support individual liberties" - convened
Friday afternoon (11 Feb) at Club NV (envy, not Nevada), amid ghostly
laptop panels hovering in violet-tinted danceclub murk.

First-day registrations reached a respectable 90 (at $80 each), with more
expected as the weekend progresses.

The highlight among the first day's five presentations was Ian Goldberg and
Nikita Borisov on Off-the-Record Messaging (OTR), where 'messaging' can be
instant messaging in any of its various formats, including online games,
and "off the record" is meant to emulate as closely as possible the
real-world strategy of sneaking off somewhere
private, where you can talk with absolutely no record of what you said that
might come back later to haunt you. (I was reminded of Maxwell Smart's
ill-omened Cone of Silence.)

Conventional crypto technologies are optimised for (e.g.) enduring long-term
contracts, but OTR prefers that messages be written as if in sand, via
"perfect forward secrecy" (PFS) and "repudiable authentication". (Even if
your conversation is cracked and transcribed, the programmers have included
a "forgery toolkit" that allows you to repudiate such transcripts as
trivial to forge.)

With such glorious levels of intimate distrust, I was surprised Ian didn't
name his exemplary chatterers "Bill" and "Monica" - both Ian and Nikita
were witty presenters, with the former doing funny voices, and the latter
offering, when a projector bulb blew during their demo, to substitute an
interpretive dance.

Another maniacally brilliant twist is that they can invisibly solicit OTR
dialogs from strangers in chat by appending an inconspicuous all-whitespace
flag, consisting of a characteristic arrangement of 24 spaces and tabs. And
it was a pleasure, as well, to hear the consistently high level of follow-up
questions after their talk.

Other first-day presentations: Hal Finney on digital cash ("The owner of
the server is the enemy"), David Reid and Ben Laurie of Apache on adding
group-based access controls to the certification process, Walter Landry's
exhaustive comparative benchmarking of distributed version-control apps
(due to be posted here), and Cat Okita on
reputation management.

See the schedule and program for details.

R. A. Hettinga <mailto: rah at>
The Internet Bearer Underwriting Corporation <>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
