OT: IM encryption options [was: Re: Is the OpenPGP model still useful?]

Aaron Toponce aaron.toponce at gmail.com
Sat Jul 23 02:17:10 CEST 2011

On Fri, Jul 22, 2011 at 07:56:42PM -0300, Marcio B. Jr. wrote:
> Hello Daniel,
> sorry for such a delay; this has been a wild JULY.
> On Wed, Jul 6, 2011 at 4:09 PM, Daniel Kahn Gillmor wrote:
> > On 07/06/2011 01:28 PM, Marcio B. Jr. wrote:
> >> So far, OTR adoption seems unjustifiable, really. I mean, it uses the
> >> Diffie-Hellman key exchange method with block ciphers.
> >
> > Why does this seem unjustifiable to you?  DH and block ciphers are
> > widely-reviewed parts of the standard crypto toolkit.  Do you have
> > reason to believe they're generally bad?
> It seems unjustifiable because there exists an option in which secret
> keys need not to take risks. And if there's any security concern and
> one's to choose between zero risk and any other positive-value risk,
> it's reasonable to pick the former.

Are you familiar with the DH key exchange? It doesn't seem that you are.
There is no risk in sharing the private key between the two parties. It
basically goes like this:

Step 1: A generates the private key.
Step 2: A encrypts the private key with a one-time session key.
Step 3: A sends the encrypted private key to B.
Step 4: B encrypts the encrypted private key with his 1-time key.
Step 5: B sends the doubly-encrypted private key to A.
Step 6: A decrypts what he can with his one-time session key.
Step 7: A sends the resulting encrypted key to B.
Step 8: B decrypts the private key with his 1-time key.

B now has the private key.

The one-time session keys are never shared, but stored locally on the
machine. Once the DH key exchange finished, the session keys are destroyed.
No where in the exchange is there any risk of the private key being
compromised. A MITM can grab all the packets he likes. Unless he has one or
both session keys, he's not getting the private key.

. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 527 bytes
Desc: Digital signature
URL: </pipermail/attachments/20110722/2a3a49a9/attachment.pgp>

More information about the Gnupg-users mailing list