Security: Off-the-Record Messaging

These guys created a method of sending IM messages which provides a method of chatting in such a way that you know who you are talking to is who you think it is (authentication), but soon after the message has been sent it can't be read anymore - the key expires and isn't saved.
An interesting point in the paper is that even when you use an cryptographic system, if the FBI takes you machine there's a good chance that they can get your messages and prove that you sent that message. If you did something incriminating this is the opposite of what you want.
As far as I understand the system, the messages are ephemeral and are unreadable after a short time (even by you). Yet at the same time there are some guarantees that the person you are chatting with is who you think it is rather than an imposter trying to get information from you.
I suppose the downside of the protocol is that you don't have a history of your messages which can be handy.
via slashdot.

Comments

Popular posts from this blog

Shortest Sudoku solver in Python

Downloading projecteuler.net