[cryptography] OTR and deniability

Ian G iang at iang.org
Thu Jul 14 07:53:28 EDT 2011

On 14/07/11 12:37 PM, Ai Weiwei wrote:
> Hello list,
> Recently, Wired published material on their website which are claimed to be logs of instant message conversations between Bradley Manning and Adrian Lamo in that infamous case. [1] I have only casually skimmed them, but did notice the following two lines:
>      (12:24:15 PM) bradass87 has not been authenticated yet. You should authenticate this buddy.
>      (12:24:15 PM) Unverified conversation with bradass87 started.
> I'm sure most of you will be familiar; this is evidence that a technology known as Off-the-Record Messaging (OTR) [2] was used in the course of these alleged conversations.
> I apologize if this is off topic or seems trivial, but I think a public discussion of the merits (or lack thereof) of these alleged "logs" from a technical perspective would be interesting.

I believe it is germane to anyone designing crypto protocols to 
understand how they actually impact in user-land.  This particular one 
is a running sore for me because of its outrageous claim of deniability.

> The exact implications of the technology may not be very well known beyond this list. I have carbon copied this message to the defense in the case accordingly.
> If I understand correctly, OTR provides deniability, which means that these alleged "logs" cannot be proven authentic.

The *claim made by OTR is to provide technological deniability* as 
opposed to any non-technological status.  Its non-technical deniability 
is zilch.

Unfortunately, outside the technology, it is trivial to prove the logs 
as authentic.  This is confusing for the technologists as they are 
trying to create a perfect security product, and they believe that 
technology rules.  What they've failed to realise is that real life 
provides some trivial bypasses, and in this situation, they may very 
well be creating more harm -- by sucking people into a false sense of 

Design of security systems is tough, it is essential to include the 
human elements in the protocol, elsewise we end up with elegant but 
useless features.  Sometimes we enter into danger, as is seen with OTR 
or BitCoin, where a technological elegance causes people to lose their 
common sense and grasp of reality.

> In fact, the OTR software is distributed with program code which makes falsifying such "logs" trivial. Is this correct?

Dunno.  Could be.  Evidence of a false sense of security, to me.

> What do you think?  ....

On the specific legal case:  well, nothing we see in open press will 
really be reliable.  You're looking at the USG going for broke against a 
couple of lonely mixed up people who USG mistakenly let near a TS site. 
  It will be a total mess.  Mincemeat, fubar, throw away the key.  The 
case will see all sorts of mud thrown up, with both sides trying their 
darndest to muddy the waters.

 From the external pov, there will be no clarity.  Nothing really to say 
or think, except, ... don't make that mistake?  Relying on crypto 
blahblah promises like OTR or PGP when you're about to release a 
wikileaks treasure trove doesn't sound like rational thinking to me.


More information about the cryptography mailing list