On 07/23/2011 07:04 PM, Marcio B. Jr. wrote: > On Wed, Jul 6, 2011 at 5:49 PM, Robert J. Hansen <r...@sixdemonbag.org> wrote: >>> So far, OTR adoption seems unjustifiable, really. I mean, it uses the >>> Diffie-Hellman key exchange method with block ciphers. >> >> Why is this a problem? > > You know, secrets are shared. 100% increase (at least) in "exposing" risks.
I am struggling with how to respond to your messages since i find them
confusing.
Are you aware that the purpose of OTR is to allow two parties to
communicate confidentially?
In a confidential communication, a secret message is sent from party A
to party B. The entire purpose is to share the secret between the two
parties. They have to share the key to the cipher in order to share the
secret.
OpenPGP itself uses this sort of symmetric encryption to encrypt
messages with a random session key, and only uses asymmetric encryption
to encrypt the session key itself.
If you research other popular encryption standards (e.g. TLS), you'll
find this "hybrid" approach is quite common. If there's a serious
downside or risk to it, could you outline the sort of attack you're
concerned about?
Thanks,
--dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
