[OTR-dev] Last-minute change to libotr 4 API
Ian Goldberg
ian at cypherpunks.ca
Sun Aug 26 09:50:31 EDT 2012
On Sat, Aug 25, 2012 at 11:28:05PM -0400, Paul Wouters wrote:
> On Sat, 25 Aug 2012, Ian Goldberg wrote:
>
> >So even after Alice and Bob have established an OTR session and are
> >happily chatting, the current 4.x (master branch) code still has a copy
> >of the private key used to generate Bob's COMMIT message stashed away.
> >If Bob's computer's memory is compromised after that point, this private
> >key may be able to be used to decrypt the first messages of the
> >conversation. This is undesirable.
>
> But wouldn't the messages be in plaintext in memory anyway somewhere
> in pidgin space? If you can read memory of the user, can't you get to
> the plaintext anyway? Even with logging disabled?
I have no reason to believe pidgin necessarily stores old plaintexts in
memory if, say, the conversation window is cleared (control-L) or
closed. But more to the point, pidgin isn't the only application that
uses libotr.
> > polltime = otrl_polltime(userstate);
>
> > otrl_poll(userstate, uiops, uiopdata);
> >
> > every polltime seconds (or thereabouts; exactness is not important).
> > The otrl_poll function will do any periodic cleanups necessary for
> > forward secrecy purposes (and, I suppose, any other operations that
> > should be done periodically, but none is needed at the moment).
>
> Seems fine, but I would really like to do some extended testing to see
> how it works in practise.
Definitely.
Thanks,
- Ian
More information about the OTR-dev
mailing list