From ian@cypherpunks.ca Fri Nov 26 04:50:48 2004 From: ian@cypherpunks.ca (Ian Goldberg) Date: Thu, 25 Nov 2004 23:50:48 -0500 Subject: [OTR-announce] 0.8.3 available Message-ID: 0.8.3 is online. Changes: - Don't put the DSA keys in libgcrypt secure memory, since (a) we read them off disk anyway, and (b) we want to avoid running out of secure memory. [Fixes the problem Antony reported] - Remove the "Do you want to start a private conversation" dialogs when one side in encrypted and the other side isn't, and instead just try to start one if we know for sure the other side supports it. [Fixes the problem Paul and Hugh reported] - Speed up the DH computations by using a 320-bit exponent. [Fixes the problem Paul reported] http://www.cypherpunks.ca/otr/otr-plugin-0.8.3.tgz From ian@cypherpunks.ca Tue Nov 30 20:14:05 2004 From: ian@cypherpunks.ca (Ian Goldberg) Date: Tue, 30 Nov 2004 15:14:05 -0500 Subject: [OTR-announce] gaim-otr 0.9.0 is now online Message-ID: I've put 0.9.0 online. The most notable change: the name of the plugin has changed from otr-plugin.so to gaim-otr.so. This means that (depending on your packaging) you may need to manually delete the old /usr/lib/gaim/otr-plugin.so file, and you'll certainly need to re-enable Off-the-Record Messaging in gaim's Preferences->Plugins panel. http://www.cypherpunks.ca/otr/gaim-otr-0.9.0.tgz Other changes listed below. I believe I've now addressed every issue that's been suggested, except one: jbash asked for OTR to automatically start a private connection with a correspondent for whom we have a fingerprint. But as Paul noticed when he logged in from a machine without OTR installed, that would be Bad. [There's also the minor point that libgcrypt only allows a fixed amount of secure memory; right now, we've set it at enough for 100 private connections, but something should be done about that eventually.] If you've told me an issue that hasn't been addressed yet, let me know. Thanks! - Ian - Included the OTR Messaging Toolkit. See the README for details. - Finished the Protocol document - Changed the name of the plugin binary from "otr-plugin.so" to "gaim-otr.so". *** NOTE: this means you'll have to (1) remove the old otr-plugin.so file from your plugins directory, and (2) re-enable the Off-the-Record Messaging plugin in the Preferences panel. - Included MAC keys used to create messages in the revealed MAC section of the Data message, in addition to MAC keys used to verify messages. - Set all exported symbols to start with otrl_ (for the library) or otrg_ (for the gaim plugin), in preparation for moving the pieces into their own directories. - If we receive a Data message with no actual message in it, don't display it to the user. This may eventually be useful for doing "heartbeat" key rotations. - Separated libotr and gaim-otr into their own directories. - Switched from using gaim_notify_* to a slightly modified version that doesn't grab the focus - Put all the cipher operations in secure memory. This makes each private connection take 9472 bytes of secure memory, so we up the available amount of secure memory to 100 times that. Eventually, we'd like to make this dynamically grow.