Off The Record
Black Hat Europe has updated the materials from the last conference.
Well, the audio and slides of Moxie Marlinspike's talk, "Threats to Privacy", have been published.
Heh… You should see it if you think Google is a problem. And if you don't yet, then you definitely should see it.
One of the ideas that was new to me was the OTR security philosophy: using two-step keys and adding "deniability" to all your data. A few days earlier a friend of mine told me about the OTR plugin for Pidgin. Since all IM logging is a problem, this plugin allows you to communicate securely. The logs in Gmail\Chats look awesome when you use it. So it is recommended to install and use it now if you use Pidgin. And if not, go to [link] and write, or participate in the creation of, a plugin for your own IM client.
While using this plugin, ICQ (as far as I can see) worked correctly, but in Gtalk (aha!!) I saw a problem: when you request auth, it was somehow (for me) approved automatically, and the keys were not the same. Example:
User A and user B exchange keys; at the end user A sees:
Your key: AAAAA-AAAAA-AAAAA-AAAAA
User B's key: XXXXX-XXXXX-XXXXX-XXXXX
And user B sees:
Your key: BBBBB-BBBBB-BBBBB-BBBBB
User A's key: YYYYY-YYYYY-YYYYY-YYYYY
In ICQ, for example, the keys are AAAA and BBBB for both participants.
Strange, and to me it looks like an automatic MITM attempt when the OTR plugin is detected. Anyway, we exchanged a shared passphrase. Hope that is better.
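The mismatch described above can be checked mechanically once both people read out what their client shows over a separate channel (by phone or in person). This is an added example, not code from the original post or from the OTR plugin; it assumes fingerprints are the 40-hex-digit strings that OTR clients display, and the names `View`, `normalize` and `cross_check` and all sample values are constructed for illustration.

```python
import hmac
import re
from dataclasses import dataclass
from typing import List

_HEX40 = re.compile(r"[0-9A-F]{40}")


def normalize(fp: str) -> str:
    """Strip spaces/dashes/colons, uppercase, and require 40 hex digits."""
    cleaned = re.sub(r"[\s\-:]", "", fp).upper()
    if not _HEX40.fullmatch(cleaned):
        raise ValueError(f"not a 40-hex-digit fingerprint: {fp!r}")
    return cleaned


@dataclass
class View:
    """What one participant's client shows after the key exchange."""
    own: str   # the "Your key" line
    peer: str  # the key shown for the other user


def cross_check(a: View, b: View) -> List[str]:
    """Compare both views; an empty list means they are consistent."""
    findings = []
    # The key A sees for B must be the key B's client calls its own.
    if not hmac.compare_digest(normalize(a.peer), normalize(b.own)):
        findings.append("A sees a key for B that is not B's own key")
    # And the other way round.
    if not hmac.compare_digest(normalize(b.peer), normalize(a.own)):
        findings.append("B sees a key for A that is not A's own key")
    return findings


# Constructed sample fingerprints (not real keys).
A_KEY = " ".join(["AAAAAAAA"] * 5)
B_KEY = " ".join(["BBBBBBBB"] * 5)
X_KEY = " ".join(["11111111"] * 5)  # stands in for XXXXX-... in the post
Y_KEY = " ".join(["22222222"] * 5)  # stands in for YYYYY-... in the post

# The ICQ case from the post: each side sees the other's real key.
ICQ = (View(own=A_KEY, peer=B_KEY), View(own=B_KEY, peer=A_KEY))
# The Gtalk case from the post: each side sees an unknown key for the other.
GTALK = (View(own=A_KEY, peer=X_KEY), View(own=B_KEY, peer=Y_KEY))

if __name__ == "__main__":
    for name, (a, b) in (("ICQ", ICQ), ("Gtalk", GTALK)):
        print(name, cross_check(a, b) or "consistent")
```

Any non-empty result means the session should be treated as unverified until the fingerprints are confirmed out of band.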