
Debian forms Off-the-Record team


Posted Apr 23, 2014 16:19 UTC (Wed) by nybble41 (subscriber, #55106)
In reply to: Debian forms Off-the-Record team by giraffedata
Parent article: Debian forms Off-the-Record team

> It would be hard to convince someone that you went to the trouble of encrypting a conversation, but published the key before you were caught.

That would be true if you had to manually publish the key, but that's not how OTR works. The per-message authentication key is derived from the decryption key, guaranteeing that anyone who was able to read the encrypted message could also have forged it. The key (which is not reused) is also revealed as part of the next message.

There's a better description here:
http://en.wikipedia.org/wiki/Deniable_authentication

With PGP you use the same key to sign every message, so it needs to be kept private and can be used to identify you as the source. OTR uses a different key for every message, so there's no problem with revealing the key once the message has been authenticated.
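
The mechanism described in the comment above, as an added example that is not part of the original comment or of any OTR implementation: a simplified Python model in which the MAC key is a hash of the message's decryption key and each message reveals the previous MAC key. It assumes the SHA-1 derivation used by OTR v2/v3, leaves out encryption and the key exchange (the ciphertexts are constructed byte strings), and the names `Sender`, `mac_key_from` and `demo` are hypothetical.

```python
import hashlib
import hmac
import os

def mac_key_from(enc_key: bytes) -> bytes:
    # Assumption: MAC key = SHA-1(decryption key), as in OTR v2/v3.
    # Whoever can decrypt a message can therefore also compute its MAC key.
    return hashlib.sha1(enc_key).digest()

def tag(mac_key: bytes, ciphertext: bytes) -> bytes:
    return hmac.new(mac_key, ciphertext, hashlib.sha1).digest()

def verify(mac_key: bytes, ciphertext: bytes, t: bytes) -> bool:
    return hmac.compare_digest(tag(mac_key, ciphertext), t)

class Sender:
    """Hypothetical sender that reveals each MAC key in the following message."""
    def __init__(self):
        self.to_reveal = []

    def send(self, enc_key: bytes, ciphertext: bytes) -> dict:
        mk = mac_key_from(enc_key)
        msg = {"ct": ciphertext, "tag": tag(mk, ciphertext),
               "revealed": list(self.to_reveal)}
        self.to_reveal = [mk]  # this key is never used to authenticate again
        return msg

def demo():
    alice = Sender()
    k1, k2 = os.urandom(16), os.urandom(16)  # one fresh key per message

    m1 = alice.send(k1, b"constructed ciphertext 1")
    # Bob shares k1, so in real time he can check the message is authentic.
    bob_accepts = verify(mac_key_from(k1), m1["ct"], m1["tag"])

    # Bob holds everything needed to produce an equally valid tag himself,
    # so a valid tag proves nothing to a third party about who wrote it.
    bob_ct = b"constructed ciphertext written by Bob"
    bob_could_forge = verify(mac_key_from(k1), bob_ct, tag(mac_key_from(k1), bob_ct))

    m2 = alice.send(k2, b"constructed ciphertext 2")
    # Anyone who sees m2 now holds message 1's MAC key as well.
    public_key = m2["revealed"][0]
    other_ct = b"constructed ciphertext written by anyone"
    anyone_could_forge = verify(mac_key_from(k1), other_ct, tag(public_key, other_ct))

    return bob_accepts, bob_could_forge, anyone_could_forge, m1["revealed"]

if __name__ == "__main__":
    print(demo())
```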

