[cryptography] OTR and deniability

Thierry Moreau thierry.moreau at connotech.com
Sun Jul 17 15:40:26 EDT 2011


Marsh Ray wrote:
> On 07/15/2011 11:21 PM, Ian Goldberg wrote:
>>
>> Just to be clear: there are _no_ OTR-related mathematical points or
>> issues here.  The logs were in plain text.  OTR has nothing at all to do
>> with their deniability.
> 
> It's a good bet the entirety of the informant's PC was acquired for 
> computer forensic analysis, as well as every PC Manning is known to have 
> touched. There's a good chance some traffic data was retained from the 
> network where Manning allegedly did the chatting and data transfer.
> 
> Sure the logs we see are in plain text, but that's almost certainly not 
> all the data in play. Deniability may yet still depend on OTR and its 
> implementation.
> 
> Note that the logs indicate the parties were unauthenticated and the 
> connection was bouncing. Was this a man-in-the-middle interception? Does 
> the protocol and implementation issue a message to the user when an 
> "unauthenticated" identity changes its key?
> 
> - Marsh
> 

I didn't look at the details of this incident/case beyond the discussion 
on this list.

However, it appears that the two questions in the last paragraph below 
are sufficiently doubt casting for challenging the electronic evidence 
as a reliable account of a conversation using electronic means.

Thus, the OTR protocol (including detection of re-keying exchange) would 
appear to have the indirect result of reporting tampering-in-the-loop. 
Maybe not as a specific design goal, but as a consequence of 
cryptographic processing which makes everything more error-prone.

Just my 0.02 cents.

- Thierry Moreau




More information about the cryptography mailing list