Slashdot Mirror

← Back to Stories (view on slashdot.org)

Plausible Deniability From Rockstar Cryptographers

Posted by CmdrTaco on from the because-you-can dept.

J. Karl Rove writes "Nikita Borisov and Ian Goldberg (of many, many other projects) have released Off the Record Messaging for Gaim. Encrypt an IM, prove (at the time) that it came from you, and deny it later. The authentication works only when the message is sent; anybody can forge all the messages he wants afterwards (toolkit included). Captured or archived messages prove nothing. And forward secrecy means Big Brother can't read your messages even if he wiretaps you AND grabs your computer later on. All the gooey goodness of crypto, with none of the consequences! They have a protocol spec, source code, and Debian and Fedora binaries."

4 of 358 comments (clear)

  1. Re:I wonder by Entrope · · Score: 5, Informative

    "Later" is after the speaker decides that conversation is over. You pick a signing key for your messages, sign it with your normal public key, send messages using the first key, and your correspondent can confirm you are who you claim. When you want to finish the conversation, you publish (at least to your correspondent) the temporary signing key, and anyone who has it can then forge messages that are as trustable as what you said.

  2. Re:a little information would be nice by chill · · Score: 4, Informative

    It authenticates and creates a "conversation". This allows you to be certain the person on the other end is who you think it is. DH key exchange is performed.

    Then, messages sent during that conversation are encrypted using disposable session keys. (128-bit AES w/SHA-1 HMAC).

    Think of it as an authentication tunnel down which you send encrypted messages. The message encryption is in no way related to the authentication, and the disposable session keys mean they have no re-use value.

    -Charles

    --
    Learning HOW to think is more important than learning WHAT to think.
  3. Re:Deniable until they look at your swap partition by Mr.Ned · · Score: 4, Informative

    That's why you have encrypted swap. On OpenBSD it's as simple as setting the sysctl 'vm.swapencrypt.enable=1'; there are HOWTOs for other operating systems. Look for the device mapper on Linux, for example.

  4. Re:a little information would be nice by farnz · · Score: 4, Informative
    It uses PGP to share a key between two or more people; it then uses that key to authenticate the conversation. The difference between this and OpenPGP is that OpenPGP authenticates that the owner of a given OpenPGP key sent a message. This scheme proves that someone with the shared key sent the message.

    Thus, I can create a key that I send to my friend. He and I discuss things, both using that key for encryption. When we've finished, we publish the key used for the conversation, and anyone can now add to the conversation. Thus, while we keep the key secret between us, we're assured of a private conversation; when we publish the key, anyone can add to it, thus giving the denability

    --
    I appear to have a blog. Odd.