[guardian-dev] otr perfect forward secrecy

Tim Prepscius timprepscius at gmail.com
Fri Aug 16 17:36:42 EDT 2013


This is a bit off topic, but...

I'm wondering whether OTR caches previous conversations.
And how OTR maintains forward secrecy if it does.

I would guess that you are using some original passphrase to PBE
(passphrase + some hash of some sort) -> AES -> store on disk.

But if I managed to steal your data + password, I could decrypt all
conversations... Right?
They would be able to impersonate you.
It has to be this way, I suppose.  Else you couldn't read your own
cached conversations.

I've been contemplating the best way to make Mailiverse forward secret.
I'd like to make it so that if someone managed to steal your private
key, they would not be able to read your mails.


I actually didn't know about ECDHE-RSA-RC4-SHA until recently.  It
seems to me like SRP+SSL.  Very interesting.  Probably a better option
than SRP for transfer of encrypted user block.  Or at least more
standard.

But it doesn't solve the problem of the necessity of reading an e-mail twice.
And reading caches.

Since there is no temporary key negotiation for caches I don't see how
to make it forward secret.  Any thoughts?

-tim
