[cryptography] OTR and deniability
iang at iang.org
Thu Jul 14 04:53:28 PDT 2011
On 14/07/11 12:37 PM, Ai Weiwei wrote:
> Hello list,
> Recently, Wired published material on their website which are claimed to be logs of instant message conversations between Bradley Manning and Adrian Lamo in that infamous case.  I have only casually skimmed them, but did notice the following two lines:
> (12:24:15 PM) bradass87 has not been authenticated yet. You should authenticate this buddy.
> (12:24:15 PM) Unverified conversation with bradass87 started.
> I'm sure most of you will be familiar; this is evidence that a technology known as Off-the-Record Messaging (OTR)  was used in the course of these alleged conversations.
> I apologize if this is off topic or seems trivial, but I think a public discussion of the merits (or lack thereof) of these alleged "logs" from a technical perspective would be interesting.
I believe it is germane to anyone designing crypto protocols to understand
how they actually impact in user-land. This particular one is a running
sore for me because of its outrageous claim of deniability.
> The exact implications of the technology may not be very well known beyond this list. I have carbon copied this message to the defense in the case accordingly.
> If I understand correctly, OTR provides deniability, which means that these alleged "logs" cannot be proven authentic.
The *claim made by OTR is to provide technological deniability* as opposed
to any non-technological status. Its non-technical deniability is zilch.
Unfortunately, outside the technology, it is trivial to prove the logs as
authentic. This is confusing for the technologists as they are trying to
create a perfect security product, and they believe that technology rules.
What they've failed to realise is that real life provides some trivial
bypasses, and in this situation, they may very well be creating more harm
-- by sucking people into a false sense of security.
Design of security systems is tough, it is essential to include the human
elements in the protocol, elsewise we end up with elegant but useless
features. Sometimes we enter into danger, as is seen with OTR or BitCoin,
where a technological elegance causes people to lose their common sense and
grasp of reality.
> In fact, the OTR software is distributed with program code which makes falsifying such "logs" trivial. Is this correct?
Dunno. Could be. Evidence of a false sense of security, to me.
> What do you think? ....
On the specific legal case: well, nothing we see in open press will
really be reliable. You're looking at the USG going for broke against a
couple of lonely mixed up people who USG mistakenly let near a TS site. It
will be a total mess. Mincemeat, fubar, throw away the key. The case will
see all sorts of mud thrown up, with both sides trying their darndest to
muddy the waters.
>From the external pov, there will be no clarity. Nothing really to say or
think, except, ... don't make that mistake? Relying on crypto blahblah
promises like OTR or PGP when you're about to release a wikileaks treasure
trove doesn't sound like rational thinking to me.
cryptography mailing list
cryptography at randombit.net
----- End forwarded message -----
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
More information about the cypherpunks-legacy