@whispersystems @moxie plaintext isn't deniable, why would OTR crypto be?
-
-
-
@dakami Speaking cryptographically. -
@whispersystems that's the thing, our metrics weren't adopted -
@dakami Not saying they were. But when designing a secure protocol, we want to do the best that we can within that domain. -
@whispersystems indeed. indeed.
End of conversation
New conversation -
-
-
@whispersystems Neat! Being able to forge an A<->C convo is different from being able to forge an A<->B convo though, right? -
@j4cob Yes, although it adds plausibility that any (A,B) conv could be a forgery. It's currently not 3prd party forgable and def. happened. -
@whispersystems@j4cob: stop me if I'm wrong, but forging A<->B conv is possible: we know g^A and g^B, choosing a and b gives g^Ab and g^Ba
End of conversation
New conversation -
-
-
@whispersystems@moxie I think you should post this to the otr-dev list, we'd like to have a conversation about it...Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
@whispersystems if nothing is signed during the convo... How can u be sure who you are talking to during the convo? Are priv. keys unused?Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
@whispersystems@moxie If you can distinguish from random, then you've got a strong case for the existence of ciphertext, obviously.Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
@whispersystems@moxie I wonder if it's possible to build new related keys from those old keys and distinguish HMAC from a random function?Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.