[cryptography] OTR and deniability

Marsh Ray marsh at extendedsubset.com
Fri Jul 15 13:03:00 EDT 2011

On 07/13/2011 09:37 PM, Ai Weiwei wrote:
> Hello list,
> Recently, Wired published material on their website which are claimed
> to be logs of instant message conversations between Bradley Manning
> and Adrian Lamo in that infamous case. [1] I have only casually
> skimmed them, but did notice the following two lines:
> (12:24:15 PM) bradass87 has not been authenticated yet. You should
> authenticate this buddy. (12:24:15 PM) Unverified conversation with
> bradass87 started.
> I'm sure most of you will be familiar; this is evidence that a
> technology known as Off-the-Record Messaging (OTR) [2] was used in
> the course of these alleged conversations.
> I apologize if this is off topic or seems trivial, but I think a
> public discussion of the merits (or lack thereof) of these alleged
> "logs" from a technical perspective would be interesting.

I think so too, if only to understand how the crypto turns out to be 
largely irrelevant once again.

There's very little data available. Is there anything other than what's 
been published by Wired?

> The exact
> implications of the technology may not be very well known beyond this
> list. I have carbon copied this message to the defense in the case
> accordingly.
> If I understand correctly, OTR provides deniability, which means that
> these alleged "logs" cannot be proven authentic. In fact, the OTR
> software is distributed with program code which makes falsifying such
> "logs" trivial. Is this correct?
> On a related note, a strange message to Hacker News at about that
> time [3] seems to now have found a context. Not to mention talk of
> "compromised" PGP keys: the prosecution witness created a new key
> pair June 2, 2010 (after 6 months with no keys for that email address
> -- why precisely then?), and replaced these a day less than one month
> later -- citing "previous key physically compromised." [4]

That would be consistent with Lamo hinting to his peeps that his 
computer was taken by investigators. But his advice for others to 
regenerate their own private keys shows that either he himself doesn't 
understand the cryptographic properties of these protocols or he 
believes some other keys have been compromised too.

> Note the
> arrest in the case occurred in between these two events, with
> encrypted emails purportedly having been received in the meantime:
> [5]
> "Lamo told me that Manning first emailed him on May 20 ..."
> What do you think? First the prosecution witness turns out less than
> credible, [6] now the key piece of evidence is mathematically
> provably useless...

> [1] http://www.wired.com/threatlevel/2011/07/manning-lamo-logs/ [2]
> http://www.cypherpunks.ca/otr/ [3]
> http://news.ycombinator.com/item?id=1410158 [4]
> http://pgp.mit.edu:11371/pks/lookup?search=adrian+lamo&op=vindex&fingerprint=on
[5] http://www.salon.com/news/opinion/glenn_greenwald/2010/06/18/wikileaks
> [6] http://www.google.com/search?q=lamo+drugs
> _______________________________________________ cryptography mailing
> list cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography

More information about the cryptography mailing list