Sunday, December 9, 2007

Off the record messaging (forward security)

Interesting concepts, especially forward security
http://www.cypherpunks.ca/otr/#faqs

The idea here is to have secure messaging with a few more benefits than have been available from encrypted chat (offered by gaim and many others for several years). It's supported by everyone's favorite client, Adium X. One of the problems with other methods of encrypted conversation is that they were all authenticated with the same key, so if your machine is ever compromised, the attacker can read all your past conversations. Also, if your machine is compromised, you cannot deny having said what you said, since it was signed with your key.

OTR messaging uses crazy math to ensure that each conversation is encrypted with a different key derived from the same original secret key. Therefore you cannot use a captured private key to decrypt previous messages, but you know the current conversation is authenticated because all the subkeys must have been made with the original key. (This is part of the gpg specification.)
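To make the forward-secrecy property concrete, here is an added toy model (not OTR's actual protocol or code): as OTR does, the long-term secret only authenticates a fresh Diffie-Hellman exchange per conversation, and the session key comes from ephemeral values that are discarded afterwards. The group, the single shared long-term secret and the use of an HMAC in place of OTR's signatures are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed toy DH group (2^127 - 1 is prime); far too small for real use.
P = (1 << 127) - 1
G = 5


def ephemeral_keypair():
    """Fresh Diffie-Hellman key pair for one conversation; the private half is never stored."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def authenticate(long_term_secret, public_value):
    """Stand-in for OTR's signature: a MAC under the long-term secret over a public DH value.
    Assumption: both parties share this one long-term secret."""
    return hmac.new(long_term_secret, public_value.to_bytes(16, "big"), hashlib.sha256).digest()


def session_key(my_priv, peer_pub):
    """The session key depends only on ephemeral values, never on the long-term secret."""
    return hashlib.sha256(pow(peer_pub, my_priv, P).to_bytes(16, "big")).digest()


def run_conversation(long_term_secret):
    """One authenticated exchange. Returns the agreed session key and the transcript an
    eavesdropper could have recorded (public values and their tags only)."""
    a_priv, a_pub = ephemeral_keypair()
    b_priv, b_pub = ephemeral_keypair()
    transcript = {"a_pub": a_pub, "b_pub": b_pub,
                  "a_tag": authenticate(long_term_secret, a_pub),
                  "b_tag": authenticate(long_term_secret, b_pub)}
    # Each side checks that the peer's ephemeral value was vouched for by the long-term secret.
    for pub, tag in ((a_pub, transcript["a_tag"]), (b_pub, transcript["b_tag"])):
        if not hmac.compare_digest(authenticate(long_term_secret, pub), tag):
            raise ValueError("authentication failed")
    k_alice = session_key(a_priv, b_pub)
    k_bob = session_key(b_priv, a_pub)
    assert k_alice == k_bob
    # a_priv and b_priv go out of scope here: nothing that could rebuild the key survives.
    return k_alice, transcript


def later_compromise(long_term_secret, transcript):
    """What stealing the long-term secret afterwards buys: the old tags can be verified
    (and new ones minted, so the tags prove nothing to a third party), but the session
    key needs an ephemeral private value that was never kept. Returns the verification result."""
    return hmac.compare_digest(authenticate(long_term_secret, transcript["a_pub"]),
                               transcript["a_tag"])
```

Running two conversations under the same long-term secret yields two unrelated session keys, and the recorded transcript holds nothing from which either can be rebuilt.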

AdiumX is available as a download beta with OTR built in.
I used to use encrypted chat but only 3 of my friends had compatible versions, so unless this were to gain traction amongst a high proportion of your friends, it is probably not very useful. However, the novel abilities of OTR would be nice to see in other products.

Imagine someone capturing your secret key and having the ability to decrypt all your previous communications. That's what happened to the Nazis when they got lazy and started reusing keys.
