On Sun, Jul 28, 2013 at 11:46 PM, Arlo Breault <[email protected]> wrote:
> https://whispersystems.org/blog/simplifying-otr-deniability/
I'm a bit confused by

"It’s true that by publishing old MAC keys, anyone is capable of modifying the ciphertext of a previously observed message. However, even if that person can guess the plaintext and is capable of making predictable modifications to the ciphertext via a malleable encryption scheme, they still can’t demonstrate valid plaintext to anyone else without the cipher keys (and if they had those, they would be able to calculate the MAC keys anyway). What’s more, since the initial OTR key exchange is signed and transmitted through an unobservable channel (an “outer” ephemeral key exchange), it’s not actually possible for anyone to produce what appears to be a conversation with you."

in the context of the fact that libotr actually ships with tools for creating these "not actually possible" transcripts. In particular, you can just _make up_ an AES key, modify the transcript to say whatever you want assuming that AES key, and you get a completely plausible transcript, which you know the AES key for, that appears to be between the named parties.

Am I missing something here, or is the above quote some really scary commentary to be coming from someone who claims to be 'improving' OTR?
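Added example, not part of the original message and not libotr's code: a Python sketch of the two cases the message contrasts, showing why a MAC that verifies under a published key says nothing about who wrote a message. Assumptions: a SHA-256 counter keystream stands in for AES-CTR (the standard library has no AES), the MAC key is taken to be a SHA-1 hash of the cipher key, and all names and sample data are constructed for illustration.

```python
import hashlib
import hmac

def keystream(key: bytes, n: int) -> bytes:
    # Stand-in for an AES-CTR keystream (stdlib has no AES); any XOR stream
    # cipher is malleable in the same way.
    blocks = (hashlib.sha256(key + i.to_bytes(8, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def crypt(key: bytes, data: bytes) -> bytes:
    # Encryption and decryption are the same XOR operation.
    return xor(data, keystream(key, len(data)))

def mac_key_from(cipher_key: bytes) -> bytes:
    # Assumption for this sketch: the MAC key is a hash of the cipher key.
    return hashlib.sha1(cipher_key).digest()

def tag(mac_key: bytes, ciphertext: bytes) -> bytes:
    return hmac.new(mac_key, ciphertext, hashlib.sha1).digest()

def verifies(mac_key: bytes, ciphertext: bytes, t: bytes) -> bool:
    return hmac.compare_digest(tag(mac_key, ciphertext), t)

def modify(ciphertext, mac_key, offset, guessed, new):
    # Case 1: only the published MAC key and a plaintext guess are known.
    if len(guessed) != len(new) or offset + len(new) > len(ciphertext):
        raise ValueError("replacement must fit and keep the length")
    patch = xor(xor(ciphertext[offset:offset + len(new)], guessed), new)
    forged = ciphertext[:offset] + patch + ciphertext[offset + len(new):]
    return forged, tag(mac_key, forged)

def fabricate(text: bytes, made_up_key: bytes):
    # Case 2: invent a cipher key; the message is then consistent with it.
    ciphertext = crypt(made_up_key, text)
    return ciphertext, tag(mac_key_from(made_up_key), ciphertext)

# Constructed sample data, not taken from any real conversation.
REAL_KEY = bytes(range(16))
ORIGINAL = crypt(REAL_KEY, b"meet at noon on tuesday")
PUBLISHED_MAC_KEY = mac_key_from(REAL_KEY)

if __name__ == "__main__":
    forged, t = modify(ORIGINAL, PUBLISHED_MAC_KEY, 8, b"noon", b"nine")
    print(verifies(PUBLISHED_MAC_KEY, forged, t), crypt(REAL_KEY, forged))
    ct, t2 = fabricate(b"anything at all", b"K" * 16)
    print(verifies(mac_key_from(b"K" * 16), ct, t2), crypt(b"K" * 16, ct))
```

In the first case the modified message decrypts meaningfully only under the real key, which the modifier never learns; in the second the fabricator can hand over a key under which the whole message decrypts and verifies.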
