From mcjathan1 at xmission.com Mon Dec 28 11:03:43 2009 From: mcjathan1 at xmission.com (mcjathan) Date: Mon, 28 Dec 2009 09:03:43 -0700 Subject: [OTR-users] AIM and shadow accounts In-Reply-To: References: Message-ID: <4B38D6DF.8050705@xmission.com> Is there a target release date for this new code? Gregory Maxwell wrote: > As most OTR users on AIM know: If you log in from multiple places and > talk to another OTR user you'll end up in an "OTR war" with the remote > client that you can't hear. > > AOL tells you (sometimes?) about the second user on your account if > its coming from another IP, but doesn't tell you if the clients share > IP. > > The war stops if you log the remote client out, which can be done > remotely by sending "1" to aolsystemmsg. > > I have recently observed OTR wars happening with my client when no > other client I control could possibly be logged in, yet sending "1" to > aolsystemmsg stops the war so it must have been my client duplicated > rather than the remote party. > > I first observed this some months ago but I wasn't entirely sure that > it couldn't have been another regular client of mine logged in but I > changed my password anyways. Since it is still happening occasionally > I can only speculate that something is sniffing my password on some > network I use (since AIM sends it in the clear) or that some > AIM-internal process is interfering with OTR. > > The latter possibility is especially concerning because it would be > fairly easy to convince people to de-install OTR by occasionally > subjecting them to this kind of behaviour. > > Is this something specific to the networks I use, or are other OTR > users on aim seeing this? > _______________________________________________ > OTR-users mailing list > OTR-users at lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-users > > From jakustria813 at yahoo.com Mon Dec 28 17:13:26 2009 From: jakustria813 at yahoo.com (Karmi Austria) Date: Mon, 28 Dec 2009 14:13:26 -0800 (PST) Subject: [OTR-users] Hi Message-ID: <496345.34597.qm@web110804.mail.gq1.yahoo.com> How can I read my saved previous conversations while?OTR was?enabled? How can I decode the encryption? -------------- next part -------------- An HTML attachment was scrubbed... URL: From ian at cypherpunks.ca Mon Dec 28 17:21:30 2009 From: ian at cypherpunks.ca (Ian Goldberg) Date: Mon, 28 Dec 2009 17:21:30 -0500 Subject: [OTR-users] Hi In-Reply-To: <496345.34597.qm@web110804.mail.gq1.yahoo.com> References: <496345.34597.qm@web110804.mail.gq1.yahoo.com> Message-ID: <20091228222130.GL10350@yoink.cs.uwaterloo.ca> On Mon, Dec 28, 2009 at 02:13:26PM -0800, Karmi Austria wrote: > How can I read my saved previous conversations while?OTR was?enabled? > How can I decode the encryption? If you set your IM client to log the conversation, it should have logged the plaintext of the messages, not the encrypted messages. This of course comes at a cost of secrecy, though less so deniability. If you somehow only have the encrypted messages, then it's a fundamental feature of OTR that there's no way to decrypt them after the fact. The encryption keys are very short-lived, and once they're erased, there's no getting the message back. - Ian From xx7x3xx at gmail.com Mon Dec 28 21:34:18 2009 From: xx7x3xx at gmail.com (Tim Smedly) Date: Mon, 28 Dec 2009 21:34:18 -0500 Subject: [OTR-users] my own messages appear encrypted Message-ID: <4B396AAA.5070402@gmail.com> Hi, while chatting with my buddy in an unverified conversation, my own messages appear encrypted: I can't read them. It's a major hindrance. (My buddy's messages appear normal.) Can anyone help me out with this? From ian at cypherpunks.ca Mon Dec 28 22:53:31 2009 From: ian at cypherpunks.ca (Ian Goldberg) Date: Mon, 28 Dec 2009 22:53:31 -0500 Subject: [OTR-users] my own messages appear encrypted In-Reply-To: <4B396AAA.5070402@gmail.com> References: <4B396AAA.5070402@gmail.com> Message-ID: <20091229035331.GP10350@yoink.cs.uwaterloo.ca> On Mon, Dec 28, 2009 at 09:34:18PM -0500, Tim Smedly wrote: > Hi, while chatting with my buddy in an unverified conversation, my own > messages appear encrypted: I can't read them. It's a major hindrance. > (My buddy's messages appear normal.) Can anyone help me out with this? Some other plugins (like Message Splitter, I think) interact badly with encryption plugins, with precisely this effect -- they show you what gets sent over the wire, whereas pidgin goes through some trouble to ensure that plugins can make a distinction between what's sent over the network and what's displayed to the user. Encryption plugins rely on this feature, of course, but some other plugins neglect the difference. - Ian From paul at darkrain42.org Thu Dec 31 01:05:39 2009 From: paul at darkrain42.org (Paul Aurich) Date: Wed, 30 Dec 2009 22:05:39 -0800 Subject: [OTR-users] my own messages appear encrypted In-Reply-To: <4B396AAA.5070402@gmail.com> References: <4B396AAA.5070402@gmail.com> Message-ID: <4B3C3F33.6090009@darkrain42.org> And Tim Smedly spoke on 12/28/2009 06:34 PM, saying: > Hi, while chatting with my buddy in an unverified conversation, my own > messages appear encrypted: I can't read them. It's a major hindrance. > (My buddy's messages appear normal.) Can anyone help me out with this? As Ian said, this is very likely caused by the Message Splitter plugin, which in its current form interacts very poorly with OTR. I just committed [1] some fixes to the Message Splitter plugin which should be in the next release of the Purple Plugin Pack (due in a few days); with that version, there should be no interoperability issues at all (hopefully nobody proves me wrong :-/). ~Paul [1] http://hg.guifications.org/purple-plugin-pack/rev/3b7e3726f64a -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 900 bytes Desc: OpenPGP digital signature URL: From breaux at users.sourceforge.net Thu Dec 31 11:15:07 2009 From: breaux at users.sourceforge.net (Doug Breaux) Date: Thu, 31 Dec 2009 10:15:07 -0600 Subject: [OTR-users] my own messages appear encrypted In-Reply-To: <4B3C3F33.6090009@darkrain42.org> References: <4B396AAA.5070402@gmail.com> <4B3C3F33.6090009@darkrain42.org> Message-ID: <4B3CCE0B.5090602@users.sourceforge.net> Interesting. I'd not gotten back to debugging my OTR delivery problems: http://lists.cypherpunks.ca/pipermail/otr-users/2009-March/001624.html But this sounds like it could be relevant. However I can't find any documentation on the messagesplitter plugin. The Purple Pidgin Pack's wiki page doesn't seem to have a link/page for it. On 12/31/2009 12:05 AM, Paul Aurich wrote: > And Tim Smedly spoke on 12/28/2009 06:34 PM, saying: > >> Hi, while chatting with my buddy in an unverified conversation, my own >> messages appear encrypted: I can't read them. It's a major hindrance. >> (My buddy's messages appear normal.) Can anyone help me out with this? >> > As Ian said, this is very likely caused by the Message Splitter plugin, > which in its current form interacts very poorly with OTR. > > I just committed [1] some fixes to the Message Splitter plugin which should > be in the next release of the Purple Plugin Pack (due in a few days); with > that version, there should be no interoperability issues at all (hopefully > nobody proves me wrong :-/). > > ~Paul > > [1] http://hg.guifications.org/purple-plugin-pack/rev/3b7e3726f64a > From paul at darkrain42.org Thu Dec 31 12:11:43 2009 From: paul at darkrain42.org (Paul Aurich) Date: Thu, 31 Dec 2009 09:11:43 -0800 Subject: [OTR-users] my own messages appear encrypted In-Reply-To: <4B3CCE0B.5090602@users.sourceforge.net> References: <4B396AAA.5070402@gmail.com> <4B3C3F33.6090009@darkrain42.org> <4B3CCE0B.5090602@users.sourceforge.net> Message-ID: <4B3CDB4F.1050907@darkrain42.org> And Doug Breaux spoke on 12/31/2009 08:15 AM, saying: > Interesting. I'd not gotten back to debugging my OTR delivery problems: > > http://lists.cypherpunks.ca/pipermail/otr-users/2009-March/001624.html > > But this sounds like it could be relevant. However I can't find any > documentation on the messagesplitter plugin. The Purple Pidgin Pack's > wiki page doesn't seem to have a link/page for it. Hmm, it's not documented on the wiki, you're right :-(. I think Ian was correct about what the problem was; Pidgin's Yahoo PRPL lowered the maximum message size a while ago (in the 2.5. line, I think) to bring it in line with what the servers accepted at that point. Setting the otr.max_message_size to something lower /should/ work. For the record, the values currently used in Pidgin 2.6.4 (which haven't changed in a little while) are: /* * Current Maximum Length for Instant Messages * * This was found by experiment. * * The YMSG protocol allows a message of up to 948 bytes, but the official client * limits to 800 characters. According to experiments I conducted, it seems that * the discrepancy is to allow some leeway for messages with mixed single- and * multi-byte characters, as I was able to send messages of 840 and 932 bytes * by using some multibyte characters (some random Chinese or Japanese characters, * to be precise). - rekkanoryo */ #define YAHOO_MAX_MESSAGE_LENGTH_BYTES 948 #define YAHOO_MAX_MESSAGE_LENGTH_CHARS 800 The reason the message 'disappears' is that OTR injects messages directly (to bypass loops, or other plugins trying to munge the encoded message), but it doesn't check the result of `serv_send_im`, which returns -E2BIG in this case. The standard sending routine in libpurple does check that result and prints "Unable to send message: The message is too large". ~Paul -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 900 bytes Desc: OpenPGP digital signature URL: From breaux at users.sourceforge.net Thu Dec 31 12:27:24 2009 From: breaux at users.sourceforge.net (Doug Breaux) Date: Thu, 31 Dec 2009 11:27:24 -0600 Subject: [OTR-users] my own messages appear encrypted In-Reply-To: <4B3CDB4F.1050907@darkrain42.org> References: <4B396AAA.5070402@gmail.com> <4B3C3F33.6090009@darkrain42.org> <4B3CCE0B.5090602@users.sourceforge.net> <4B3CDB4F.1050907@darkrain42.org> Message-ID: <4B3CDEFC.5080601@users.sourceforge.net> On 12/31/2009 11:11 AM, Paul Aurich wrote: > And Doug Breaux spoke on 12/31/2009 08:15 AM, saying: > >> Interesting. I'd not gotten back to debugging my OTR delivery problems: >> >> http://lists.cypherpunks.ca/pipermail/otr-users/2009-March/001624.html >> >> But this sounds like it could be relevant. However I can't find any >> documentation on the messagesplitter plugin. The Purple Pidgin Pack's >> wiki page doesn't seem to have a link/page for it. >> > Hmm, it's not documented on the wiki, you're right :-(. > > I think Ian was correct about what the problem was; Pidgin's Yahoo PRPL > lowered the maximum message size a while ago (in the 2.5. line, I think) to > bring it in line with what the servers accepted at that point. Setting the > otr.max_message_size to something lower /should/ work. > > For the record, the values currently used in Pidgin 2.6.4 (which haven't > changed in a little while) are: > > /* > * Current Maximum Length for Instant Messages > * > * This was found by experiment. > * > * The YMSG protocol allows a message of up to 948 bytes, but the official > client > * limits to 800 characters. According to experiments I conducted, it > seems that > * the discrepancy is to allow some leeway for messages with mixed single- and > * multi-byte characters, as I was able to send messages of 840 and 932 bytes > * by using some multibyte characters (some random Chinese or Japanese > characters, > * to be precise). - rekkanoryo > */ > #define YAHOO_MAX_MESSAGE_LENGTH_BYTES 948 > #define YAHOO_MAX_MESSAGE_LENGTH_CHARS 800 > > The reason the message 'disappears' is that OTR injects messages directly > (to bypass loops, or other plugins trying to munge the encoded message), > but it doesn't check the result of `serv_send_im`, which returns -E2BIG in > this case. The standard sending routine in libpurple does check that > result and prints "Unable to send message: The message is too large". > > ~Paul > Thanks for the reply and explanation of the dropped messages, Paul. So does the Message Splitter do anything that would simplify this process for me? That is, allow me to change the split size rather than changing the OTR max message sizes by editing and restarting? Also, strangely, your reply to the list has been delivered to me, but not my message to which you were replying. I was awaiting my own reply so I could link to this more recent subset of my thread where I state that I tried as small as 750, and Ian suggested trying even smaller since that didn't seem to work: http://lists.cypherpunks.ca/pipermail/otr-users/2009-September/001723.html From paul at darkrain42.org Thu Dec 31 13:18:29 2009 From: paul at darkrain42.org (Paul Aurich) Date: Thu, 31 Dec 2009 10:18:29 -0800 Subject: [OTR-users] my own messages appear encrypted In-Reply-To: <4B3CDEFC.5080601@users.sourceforge.net> References: <4B396AAA.5070402@gmail.com> <4B3C3F33.6090009@darkrain42.org> <4B3CCE0B.5090602@users.sourceforge.net> <4B3CDB4F.1050907@darkrain42.org> <4B3CDEFC.5080601@users.sourceforge.net> Message-ID: <4B3CEAF5.2080603@darkrain42.org> And Doug Breaux spoke on 12/31/2009 09:27 AM, saying: > Thanks for the reply and explanation of the dropped messages, Paul. > > So does the Message Splitter do anything that would simplify this > process for me? That is, allow me to change the split size rather than > changing the OTR max message sizes by editing and restarting? No, it doesn't. If Message Splitter tries to split OTR's messages, it just results in the other side declaring the encrypted messages invalid (I believe). ~Paul -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 900 bytes Desc: OpenPGP digital signature URL: