[cryptography] OTR and deniability

Marsh Ray marsh at extendedsubset.com
Sat Jul 16 19:23:10 EDT 2011


On 07/15/2011 11:21 PM, Ian Goldberg wrote:
>
> Just to be clear: there are _no_ OTR-related mathematical points or
> issues here.  The logs were in plain text.  OTR has nothing at all to do
> with their deniability.

It's a good bet the entirety of the informant's PC was acquired for 
computer forensic analysis, as well as every PC Manning is known to have 
touched. There's a good chance some traffic data was retained from the 
network where Manning allegedly did the chatting and data transfer.

Sure the logs we see are in plain text, but that's almost certainly not 
all the data in play. Deniability may yet still depend on OTR and its 
implementation.

Note that the logs indicate the parties were unauthenticated and the 
connection was bouncing. Was this a man-in-the-middle interception? Does 
the protocol and implementation issue a message to the user when an 
"unauthenticated" identity changes its key?

- Marsh

http://www.wired.com/threatlevel/2011/07/manning-lamo-logs#m765

> (01:37:03 AM) bradass87 has signed on.
>
> (01:37:51 AM) bradass87: no no… im at FOB hammer (re: green zone); persona is killing the fuck out of me at this point… =L
>
> (01:37:51 AM) info at adrianlamo.com <AUTO-REPLY>: I’m not here right now
>
> (01:37:55 AM) Error setting up private conversation: Malformed message received
>
> (01:37:55 AM) We received an unreadable encrypted message from bradass87.
>
> (01:37:58 AM) bradass87: [resent] <HTML>no no… im at FOB hammer (re: green zone); persona is killing the fuck out of me at this point… =L
>
> (01:38:07 AM) bradass87 has ended his/her private conversation with you; you should do the same.
>
> (01:38:18 AM) Error setting up private conversation: Malformed message received
>
> (01:38:20 AM) The encrypted message received from bradass87 is unreadable, as you are not currently communicating privately.
>
> (01:38:30 AM) Error setting up private conversation: Malformed message received
>
> (01:38:33 AM) The encrypted message received from bradass87 is unreadable, as you are not currently communicating privately.
>
> (01:38:43 AM) Error setting up private conversation: Malformed message received
>
> (01:38:46 AM) The encrypted message received from bradass87 is unreadable, as you are not currently communicating privately.
>
> (01:38:57 AM) Error setting up private conversation: Malformed message received
>
> (01:38:59 AM) The encrypted message received from bradass87 is unreadable, as you are not currently communicating privately.
>
> (01:39:10 AM) Error setting up private conversation: Malformed message received
>
> (01:39:13 AM) The encrypted message received from bradass87 is unreadable, as you are not currently communicating privately.
>
> (01:39:22 AM) Error setting up private conversation: Malformed message received
>
> (01:39:25 AM) The encrypted message received from bradass87 is unreadable, as you are not currently communicating privately.
>
> (01:39:36 AM) Error setting up private conversation: Malformed message received
>
> (01:39:39 AM) The encrypted message received from bradass87 is unreadable, as you are not currently communicating privately.
>
> (01:39:49 AM) Error setting up private conversation: Malformed message received
>
> (01:39:52 AM) The encrypted message received from bradass87 is unreadable, as you are not currently communicating privately.
>
> (01:40:02 AM) Error setting up private conversation: Malformed message received
>
> (01:40:04 AM) The encrypted message received from bradass87 is unreadable, as you are not currently communicating privately.
>
> (01:40:15 AM) Error setting up private conversation: Malformed message received
>
> (01:40:18 AM) The encrypted message received from bradass87 is unreadable, as you are not currently communicating privately.
>
> (01:40:30 AM) Error setting up private conversation: Malformed message received
>
> (01:40:31 AM) The encrypted message received from bradass87 is unreadable, as you are not currently communicating privately.
>
> (01:40:41 AM) Error setting up private conversation: Malformed message received
>
> (01:40:45 AM) The encrypted message received from bradass87 is unreadable, as you are not currently communicating privately.
>
> (01:40:54 AM) Error setting up private conversation: Malformed message received
>
> (01:40:57 AM) The encrypted message received from bradass87 is unreadable, as you are not currently communicating privately.
>
> (01:41:08 AM) Error setting up private conversation: Malformed message received
>
> (01:41:10 AM) The encrypted message received from bradass87 is unreadable, as you are not currently communicating privately.
>
> (01:41:21 AM) Error setting up private conversation: Malformed message received
>
> (01:41:23 AM) The encrypted message received from bradass87 is unreadable, as you are not currently communicating privately.
>
> (01:41:37 AM) Error setting up private conversation: Malformed message received
>
> (01:41:50 AM) Error setting up private conversation: Malformed message received
>
> (01:41:52 AM) The encrypted message received from bradass87 is unreadable, as you are not currently communicating privately.
>
> (01:42:03 AM) Error setting up private conversation: Malformed message received
>
> (01:42:05 AM) The encrypted message received from bradass87 is unreadable, as you are not currently communicating privately.
>
> (01:42:19 AM) Error setting up private conversation: Malformed message received
>
> (01:45:17 AM) The encrypted message received from bradass87 is unreadable, as you are not currently communicating privately.
>
> (01:45:20 AM) Unverified conversation with bradass87 started.
>
> (01:45:20 AM) bradass87: [resent] <HTML>otr fritzing
>
> (01:45:40 AM) bradass87 has ended his/her private conversation with you; you should do the same.
>
> (01:45:46 AM) The following message received from bradass87 was not encrypted: [otr is bugging out]
>
> (01:45:54 AM) Unverified conversation with bradass87 started.
>
> (01:46:02 AM) bradass87: no no… im at FOB hammer (re: green zone); persona is killing the fuck out of me at this point… =L
>
> (01:46:15 AM) bradass87: [phew, seems to be working now]
>
> (01:47:36 AM) info at adrianlamo.com: :)
>




More information about the cryptography mailing list