From esurnir at gmail.com  Mon Mar  3 18:40:16 2008
From: esurnir at gmail.com (Esurnir)
Date: Mon, 3 Mar 2008 18:40:16 -0500
Subject: [OTR-users] Off the record package on the ubuntu server ?
In-Reply-To: <20080228171209.GA32135@tommy-desktop>
References: <78ce815d0802280842l31809a6ewd47bca603a710422@mail.gmail.com>
	 <20080228171209.GA32135@tommy-desktop>
Message-ID: <78ce815d0803031540i6f879e79idee3c1993e48651e@mail.gmail.com>

Thank you for the hint about the dependencies, like I said I'm a bit new to
linux but this solved my problem completely. Thank you very much :).
Jean-Baptiste Zeller

On Thu, Feb 28, 2008 at 12:12 PM, Thomas B. <tommy.b at gmx.net> wrote:

> Hi!
>
> On Thu, Feb 28, 2008 at 11:42:01AM -0500, Esurnir wrote:
> > I was wondering would it be possible to update the package (still at 3.0at the
> > time I speak) on the ubuntu package distribution ?
>
> pidgin-otr 3.1.0 will be in the next Ubuntu release:
>
> http://packages.ubuntu.com/hardy/pidgin-otr
>
> AFAIK the release of Hardy is scheduled for April.
>
> > I tried to compile the 3.1 but due to the fact that gtk is labeled as
> being
> > version 2.0 it became a true nightmare, never succeeded into finaly
> compiling
> > the pidgin-otr plugin (libotr went fine).
>
> Hm, I compiled pidgin-otr on Ubuntu without problems. Are you sure that
> you have all the dependencies installed (especially the required
> development packages)? You can do that with
>
>        sudo apt-get build-dep pidgin-otr
>
> The only issue I encountered when compiling from source is that
> pidgin-otr gets installed to /usr/local by default, while the Pidgin
> binary provided by Ubuntu is installed in /usr. I solved that by adding
> "--prefix=/usr" to the configure options for pidgin-otr.
>
> Regards,
> Thomas
>
> _______________________________________________
> OTR-users mailing list
> OTR-users at lists.cypherpunks.ca
> http://lists.cypherpunks.ca/mailman/listinfo/otr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cypherpunks.ca/pipermail/otr-users/attachments/20080303/307edf35/attachment.html>

From perrin at apotheon.com  Thu Mar  6 12:11:09 2008
From: perrin at apotheon.com (Chad Perrin)
Date: Thu, 6 Mar 2008 10:11:09 -0700
Subject: [OTR-users] multiple keys, one account
Message-ID: <20080306171109.GA56756@demeter.hydra>

Is there any particular reason, with the Pidgin OTR plugin, that one
could not use a second set of OTR encryption keys for a second computer
with the same IM service account(s)?  Would this potentially cause any
issues for other people with whom one communicates via these accounts?

The problem I'm trying to solve here involves one computer that's less
"trusted" than the other.  One is in a work environment where others have
access to the computer, on an MS Windows machine, and the other is a
private machine running a free Unix-like OS that is its owner's sole
responsibility.  One, then, would be identified as the less-trusted key
set, and the other as the more-trusted.

-- 
CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ]
MacUser, Nov. 1990: "There comes a time in the history of any project when
it becomes necessary to shoot the engineers and begin production."


From gmaxwell at gmail.com  Thu Mar  6 12:45:15 2008
From: gmaxwell at gmail.com (Gregory Maxwell)
Date: Thu, 6 Mar 2008 12:45:15 -0500
Subject: [OTR-users] multiple keys, one account
In-Reply-To: <20080306171109.GA56756@demeter.hydra>
References: <20080306171109.GA56756@demeter.hydra>
Message-ID: <e692861c0803060945v7e415a96saabd847dcf011a86@mail.gmail.com>

On Thu, Mar 6, 2008 at 12:11 PM, Chad Perrin <perrin at apotheon.com> wrote:
> Is there any particular reason, with the Pidgin OTR plugin, that one
>  could not use a second set of OTR encryption keys for a second computer
>  with the same IM service account(s)?  Would this potentially cause any
>  issues for other people with whom one communicates via these accounts?
>
>  The problem I'm trying to solve here involves one computer that's less
>  "trusted" than the other.  One is in a work environment where others have
>  access to the computer, on an MS Windows machine, and the other is a
>  private machine running a free Unix-like OS that is its owner's sole
>  responsibility.  One, then, would be identified as the less-trusted key
>  set, and the other as the more-trusted.

Sure. it just works. Don't have your contacts authenticate the less
trusted one.. and they'll be able to tell which they are talking to by
the lack of authentication.


From gdt at ir.bbn.com  Fri Mar  7 09:46:40 2008
From: gdt at ir.bbn.com (Greg Troxel)
Date: Fri, 07 Mar 2008 09:46:40 -0500
Subject: [OTR-users] multiple keys, one account
In-Reply-To: <e692861c0803060945v7e415a96saabd847dcf011a86@mail.gmail.com>
	(Gregory Maxwell's message of "Thu, 6 Mar 2008 12:45:15 -0500")
References: <20080306171109.GA56756@demeter.hydra>
	<e692861c0803060945v7e415a96saabd847dcf011a86@mail.gmail.com>
Message-ID: <rmiejamk2wf.fsf@fnord.ir.bbn.com>

"Gregory Maxwell" <gmaxwell at gmail.com> writes:

> On Thu, Mar 6, 2008 at 12:11 PM, Chad Perrin <perrin at apotheon.com> wrote:
>> Is there any particular reason, with the Pidgin OTR plugin, that one
>>  could not use a second set of OTR encryption keys for a second computer
>>  with the same IM service account(s)?  Would this potentially cause any
>>  issues for other people with whom one communicates via these accounts?
>>
>>  The problem I'm trying to solve here involves one computer that's less
>>  "trusted" than the other.  One is in a work environment where others have
>>  access to the computer, on an MS Windows machine, and the other is a
>>  private machine running a free Unix-like OS that is its owner's sole
>>  responsibility.  One, then, would be identified as the less-trusted key
>>  set, and the other as the more-trusted.
>
> Sure. it just works. Don't have your contacts authenticate the less
> trusted one.. and they'll be able to tell which they are talking to by
> the lack of authentication.

You would still want to authenticate the work key, but have it labeled
as a lower level of clerance.  It would be nice to have names/tags
associated with keys and have those dipslayed.  But that's perhaps too
complicated for many.


From fewking at paniccrew.de  Fri Mar 21 09:32:59 2008
From: fewking at paniccrew.de (FewKinG)
Date: Fri, 21 Mar 2008 14:32:59 +0100
Subject: [OTR-users] Problem: Buddy not in list
Message-ID: <47E3B90B.6080200@paniccrew.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all.

I have a problem with OTR and wanted to know if this is a known issue
and if it can/will be solved.

I installed OTR and it works so far, I can talk to other people and also
to one who is also using OTR.
But there is one contact that doesn't even show up in the OTR list,
neither as "other buddy" nor as "private connection". Nevertheless I can
chat with him without any problems. At the time I don't know if this is
also happening with other buddies. As far as I see OTR other contacts
show up perfectly in the list.

I hope someone can help me with this. Any help or info is appreciated.
Thank you.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkfjuQsACgkQCPjF5t12HjJqZACgvWYFlaUnEMkJTa+4/pb0sJG2
gZEAoIvcNWySroqRgVvy4b2Hhks0aNW6
=Nbrm
-----END PGP SIGNATURE-----


From db.netres at gmail.com  Mon Mar 31 04:01:34 2008
From: db.netres at gmail.com (db)
Date: Mon, 31 Mar 2008 10:01:34 +0200
Subject: [OTR-users] Decrypt manually and externally
Message-ID: <a90c5f840803310101g411694f4q27179de0057df52a@mail.gmail.com>

All my OTR conversations sent through my gmail account is stored
online at gmail, in encrypted form. Is it possible to manually decrypt
these messages?


From bdm at fenrir.org.uk  Mon Mar 31 10:55:13 2008
From: bdm at fenrir.org.uk (Brian Morrison)
Date: Mon, 31 Mar 2008 15:55:13 +0100
Subject: [OTR-users] Decrypt manually and externally
In-Reply-To: <a90c5f840803310101g411694f4q27179de0057df52a@mail.gmail.com>
References: <a90c5f840803310101g411694f4q27179de0057df52a@mail.gmail.com>
Message-ID: <47F0FB51.9010005@fenrir.org.uk>

db wrote:
> All my OTR conversations sent through my gmail account is stored
> online at gmail, in encrypted form. Is it possible to manually decrypt
> these messages?

Unless there is access to the session key used in each case, no.

Of course, that's the whole point of the OTR plugin, that with an 
ephemeral key any decryption of the ciphertext stream is equally plausible.

-- 

Brian



From db.netres at gmail.com  Mon Mar 31 12:00:07 2008
From: db.netres at gmail.com (db)
Date: Mon, 31 Mar 2008 18:00:07 +0200
Subject: [OTR-users] Decrypt manually and externally
In-Reply-To: <47F0FB51.9010005@fenrir.org.uk>
References: <a90c5f840803310101g411694f4q27179de0057df52a@mail.gmail.com>
	 <47F0FB51.9010005@fenrir.org.uk>
Message-ID: <a90c5f840803310900x5930d485w19fedfb47991eafe@mail.gmail.com>

On Mon, Mar 31, 2008 at 4:55 PM, Brian Morrison <bdm at fenrir.org.uk> wrote:
>
> db wrote:
>  > All my OTR conversations sent through my gmail account is stored
>  > online at gmail, in encrypted form. Is it possible to manually decrypt
>  > these messages?
>
>  Unless there is access to the session key used in each case, no.
>
>  Of course, that's the whole point of the OTR plugin, that with an
>  ephemeral key any decryption of the ciphertext stream is equally plausible.

The keys doesn't change after verification, do they? Can I export the
keys from Pidgin and then decrypt the messages? If this is not
possible the whole purpose with storing your IM history online becomes
pointless.

Besides, I would like to have the same key on several machines (a mix
of Adium and Pidgin), can I export/import them somehow?


From adam_zimmerman at sfu.ca  Mon Mar 31 13:16:30 2008
From: adam_zimmerman at sfu.ca (Adam Zimmerman)
Date: Mon, 31 Mar 2008 10:16:30 -0700
Subject: [OTR-users] Decrypt manually and externally
In-Reply-To: <a90c5f840803310900x5930d485w19fedfb47991eafe@mail.gmail.com>
References: <a90c5f840803310101g411694f4q27179de0057df52a@mail.gmail.com>
	 <47F0FB51.9010005@fenrir.org.uk>
	 <a90c5f840803310900x5930d485w19fedfb47991eafe@mail.gmail.com>
Message-ID: <1206983790.8683.6.camel@midnight>

On Mon, 2008-03-31 at 18:00 +0200, db wrote:
> On Mon, Mar 31, 2008 at 4:55 PM, Brian Morrison <bdm at fenrir.org.uk> wrote:
> >
> > db wrote:
> >  > All my OTR conversations sent through my gmail account is stored
> >  > online at gmail, in encrypted form. Is it possible to manually decrypt
> >  > these messages?
> >
> >  Unless there is access to the session key used in each case, no.
> >
> >  Of course, that's the whole point of the OTR plugin, that with an
> >  ephemeral key any decryption of the ciphertext stream is equally plausible.
> 
> The keys doesn't change after verification, do they? Can I export the
> keys from Pidgin and then decrypt the messages? If this is not
> possible the whole purpose with storing your IM history online becomes
> pointless.

You're thinking of your long-lived keys. These aren't actually used to
encrypt conversations, just to sign the first (randomly-generated I
think) session encryption key to prove you are actually the one starting
the conversation. The idea is that after a conversation, nobody can
decrypt the original text with any certainty, and nobody can verify
(cryptographically, at least) that you said a certain thing. Your
conversation is "off the record."

> 
> Besides, I would like to have the same key on several machines (a mix
> of Adium and Pidgin), can I export/import them somehow?

The keys are stored in the file otr.private_key in your pidgin directory
(~/.purple/ on *nix, not sure what it is on Windows). You can just copy
that file between computers. That will give you the same fingerprint on
multiple computers.

--
Adam Zimmerman <adam_zimmerman at sfu.ca>

CREATIVITY  - http://mirrors.creativecommons.org/movingimages/Building_on_the_Past.mpg
ALWAYS      - http://www.musiccreators.ca/
BUILDS      - http://www.ubuntu.com/
ON THE PAST - http://www.theopencd.org/
--

Beware of Bigfoot!