From ptierney at ucla.edu Tue Jun 16 19:22:33 2009 From: ptierney at ucla.edu (Patrick Tierney) Date: Tue, 16 Jun 2009 16:22:33 -0700 Subject: [OTR-users] libotr on Debian Message-ID: Hello, I'm using libotr 3.2 with g++ on a Debian system, and I am receiving a linking error. In particular, the linker ld cannot find otrl_init(). I am linking with a standard -lotr flag with g++. The error occurs both with the libotr2 Debian package, and when I download and install libotr 3.2 myself. Here's the g++ output: main.cpp:(.text+0x16b): undefined reference to `otrl_init(unsigned int, unsigned int, unsigned int)' collect2: ld returned 1 exit status makepp: error: status (1), stopping now Thanks in advance for any help, Patrick From ian at cypherpunks.ca Tue Jun 16 20:48:34 2009 From: ian at cypherpunks.ca (Ian Goldberg) Date: Tue, 16 Jun 2009 20:48:34 -0400 Subject: [OTR-users] libotr on Debian In-Reply-To: References: Message-ID: <20090617004834.GO11506@yoink.cs.uwaterloo.ca> On Tue, Jun 16, 2009 at 04:22:33PM -0700, Patrick Tierney wrote: > Hello, > > I'm using libotr 3.2 with g++ on a Debian system, and I am receiving a > linking error. In particular, the linker ld cannot find otrl_init(). > I am linking with a standard -lotr flag with g++. The error occurs > both with the libotr2 Debian package, and when I download and install > libotr 3.2 myself. > > Here's the g++ output: > main.cpp:(.text+0x16b): undefined reference to `otrl_init(unsigned > int, unsigned int, unsigned int)' > collect2: ld returned 1 exit status > makepp: error: status (1), stopping now > > Thanks in advance for any help, Try putting extern "C" { ... } around your libotr #include lines. - Ian From ptierney at ucla.edu Tue Jun 16 21:05:35 2009 From: ptierney at ucla.edu (Patrick Tierney) Date: Tue, 16 Jun 2009 18:05:35 -0700 Subject: [OTR-users] libotr on Debian In-Reply-To: <20090617004834.GO11506@yoink.cs.uwaterloo.ca> References: <20090617004834.GO11506@yoink.cs.uwaterloo.ca> Message-ID: That works. Thanks so much. On Tue, Jun 16, 2009 at 5:48 PM, Ian Goldberg wrote: > On Tue, Jun 16, 2009 at 04:22:33PM -0700, Patrick Tierney wrote: >> Hello, >> >> I'm using libotr 3.2 with g++ on a Debian system, and I am receiving a >> linking error. ?In particular, the linker ld cannot find otrl_init(). >> I am linking with a standard -lotr flag with g++. ?The error occurs >> both with the libotr2 Debian package, and when I download and install >> libotr 3.2 myself. >> >> Here's the g++ output: >> main.cpp:(.text+0x16b): undefined reference to `otrl_init(unsigned >> int, unsigned int, unsigned int)' >> collect2: ld returned 1 exit status >> makepp: error: status (1), stopping now >> >> Thanks in advance for any help, > > Try putting > > extern "C" { > ? ?... > } > > around your libotr #include lines. > > ? - Ian > _______________________________________________ > OTR-users mailing list > OTR-users at lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-users > From ptierney at ucla.edu Thu Jun 18 18:18:52 2009 From: ptierney at ucla.edu (Patrick Tierney) Date: Thu, 18 Jun 2009 15:18:52 -0700 Subject: [OTR-users] OTR Perl Module Message-ID: Hello, I am writing a Perl module for OTR, and I've run into an unfortunate error: both Perl 5 and OTR declare structs called "context", and this results in an obvious redefinition error when compiling. I am writing the module using Inline / XS, and including perl's EXTERN.h, perl.h, XSUB.h, and INLINE.h, along with libotr/proto.h, etc. I would appreciate any suggestions on how to get around this, though I would also purpose changing the struct name to "otr_context" or such in future releases of the OTR library. Thanks, Patrick From ian at cypherpunks.ca Thu Jun 18 22:05:47 2009 From: ian at cypherpunks.ca (Ian Goldberg) Date: Thu, 18 Jun 2009 22:05:47 -0400 Subject: [OTR-users] OTR Perl Module In-Reply-To: References: Message-ID: <20090619020547.GF6925@yoink.cs.uwaterloo.ca> On Thu, Jun 18, 2009 at 03:18:52PM -0700, Patrick Tierney wrote: > Hello, > > I am writing a Perl module for OTR, and I've run into an unfortunate > error: both Perl 5 and OTR declare structs called "context", and this > results in an obvious redefinition error when compiling. I am writing > the module using Inline / XS, and including perl's EXTERN.h, perl.h, > XSUB.h, and INLINE.h, along with libotr/proto.h, etc. > > I would appreciate any suggestions on how to get around this, though I > would also purpose changing the struct name to "otr_context" or such > in future releases of the OTR library. Stupid C with global structure name scope. ;-) You can always do this trick: #define context otr_context #include #undef context I haven't tested it, but it has a shot at working... - Ian From ptierney at ucla.edu Thu Jun 18 23:41:42 2009 From: ptierney at ucla.edu (Patrick Tierney) Date: Thu, 18 Jun 2009 20:41:42 -0700 Subject: [OTR-users] OTR Perl Module In-Reply-To: <20090619020547.GF6925@yoink.cs.uwaterloo.ca> References: <20090619020547.GF6925@yoink.cs.uwaterloo.ca> Message-ID: Great, that worked! For future information, my final .xs code looks like this: #include "EXTERN.h" #include "perl.h" #include "XSUB.h" #include "INLINE.h" #define context otr_context #include #undef context #include #include #include Patrick On Thu, Jun 18, 2009 at 7:05 PM, Ian Goldberg wrote: > On Thu, Jun 18, 2009 at 03:18:52PM -0700, Patrick Tierney wrote: >> Hello, >> >> I am writing a Perl module for OTR, and I've run into an unfortunate >> error: ?both Perl 5 and OTR declare structs called "context", and this >> results in an obvious redefinition error when compiling. ?I am writing >> the module using Inline / XS, and including perl's EXTERN.h, perl.h, >> XSUB.h, and INLINE.h, along with libotr/proto.h, etc. >> >> I would appreciate any suggestions on how to get around this, though I >> would also purpose changing the struct name to "otr_context" or such >> in future releases of the OTR library. > > Stupid C with global structure name scope. ?;-) > > You can always do this trick: > > #define context otr_context > #include > #undef context > > I haven't tested it, but it has a shot at working... > > ? - Ian > _______________________________________________ > OTR-users mailing list > OTR-users at lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-users > From ian at cypherpunks.ca Fri Jun 19 11:48:34 2009 From: ian at cypherpunks.ca (Ian Goldberg) Date: Fri, 19 Jun 2009 11:48:34 -0400 Subject: [OTR-users] multi-party OTR communications? (and other OTR details) In-Reply-To: <20090528020019.GE31490@yoink.cs.uwaterloo.ca> References: <87bpylxs0b.fsf@squeak.fifthhorseman.net> <20080922132932.GF12033@thunk.cs.uwaterloo.ca> <87myi0te29.fsf@squeak.fifthhorseman.net> <20080922152829.GL12033@thunk.cs.uwaterloo.ca> <87k542wcu7.fsf@pond.riseup.net> <20090528020019.GE31490@yoink.cs.uwaterloo.ca> Message-ID: <20090619154834.GF4586@thunk.cs.uwaterloo.ca> On Wed, May 27, 2009 at 10:00:19PM -0400, Ian Goldberg wrote: > On Wed, May 27, 2009 at 03:44:00PM -0400, Micah Anderson wrote: > > Ian Goldberg writes: > > > > > On Mon, Sep 22, 2008 at 11:06:54AM -0400, Daniel Kahn Gillmor wrote: > > >> Thanks for the reply, Ian! > > >> > > >> On Mon 2008-09-22 09:29:32 -0400, Ian Goldberg wrote: > > >> > > >> > there are a couple of people working on just what a group version of > > >> > OTR should look like, and what its properties should be. > > >> > > >> Where is this discussion taking place? I'd be interested in > > >> participating, though i don't have a ton of time to do so. > > > > > > A couple of people are conversing by email, as far as I know. > > > > I was pretty excited to see that this discussion was going on (even if > > it was not on a public list that I could follow). However its been 8 > > months since then, and I haven't seen anything come of this. > > > > Was there any progress that can be reported? > > > > Thanks, I'm really looking forward to multi-party OTR, > > We recently submitted a paper on the topic to the ACM conference on > Computer and Communications Security; it will likely appear online at > some point as a technical report, at the very least, and when it does, > I'll be sure to post a link to it here. > > It's still in the "work out the cryptographic details and have them > vetted" stage, though; well before the "write code" stage. Here's the tech report, posted moments ago. Ian Goldberg, Berkant Ustao?lu, Matthew Van Gundy, Hao Chen. "Multi-party Off-the-Record Messaging". CACR Tech Report 2009-27. 11 pages. June 2009. http://www.cacr.math.uwaterloo.ca/techreports/2009/cacr2009-27.pdf - Ian From christopher.lemire at gmail.com Sat Jun 20 07:52:25 2009 From: christopher.lemire at gmail.com (christopher.lemire at gmail.com) Date: Sat, 20 Jun 2009 11:52:25 +0000 Subject: [OTR-users] Otr for blackberry Message-ID: <1583232617-1245498747-cardhu_decombobulator_blackberry.rim.net-515792925-@bxe1309.bisx.prod.on.blackberry> Hello, I use otr in both linux and windblows. A lot of people I communicate with use it. They send me otr encrypted messages not knowing I'm on my phone and I see the message as unencrypted. I was wondering if it would be possible to make otr for the blackberry phone. The instant messenger client supports many protocols and uses libpurple. I forgot which version of libpurple, but I can find out. Would this be difficult to port? Another thought was having otr use gpg keys. Authentication could be set up without otr by signing public keys. Thanks. Sent via BlackBerry from T-Mobile From christopher.lemire at gmail.com Sat Jun 20 09:04:20 2009 From: christopher.lemire at gmail.com (Christopher Lemire) Date: Sat, 20 Jun 2009 08:04:20 -0500 Subject: [OTR-users] Otr for Blackberry Message-ID: Hello, I use otr in both linux and windblows. A lot of people I communicate with use it. They send me otr encrypted messages not knowing I'm on my phone and I see the message as unencrypted. I was wondering if it would be possible to make otr for the blackberry phone. The instant messenger client supports many protocols and uses libpurple. I forgot which version of libpurple, but I can find out. Would this be difficult to port? Another thought was having otr use gpg keys. Authentication could be set up without otr by signing public keys. Thanks. -- Christopher Lemire Ubuntu 64 bit Linux Raid Level 0 Sent via BlackBerry from T-Mobile -------------- next part -------------- An HTML attachment was scrubbed... URL: From ian at cypherpunks.ca Sat Jun 20 09:34:21 2009 From: ian at cypherpunks.ca (Ian Goldberg) Date: Sat, 20 Jun 2009 09:34:21 -0400 Subject: [OTR-users] Otr for blackberry In-Reply-To: <1583232617-1245498747-cardhu_decombobulator_blackberry.rim.net-515792925-@bxe1309.bisx.prod.on.blackberry> References: <1583232617-1245498747-cardhu_decombobulator_blackberry.rim.net-515792925-@bxe1309.bisx.prod.on.blackberry> Message-ID: <20090620133421.GQ6925@yoink.cs.uwaterloo.ca> On Sat, Jun 20, 2009 at 11:52:25AM +0000, christopher.lemire at gmail.com wrote: > Hello, I use otr in both linux and windblows. A lot of people I > communicate with use it. They send me otr encrypted messages not > knowing I'm on my phone and I see the message as unencrypted. I was > wondering if it would be possible to make otr for the blackberry > phone. The instant messenger client supports many protocols and uses > libpurple. I forgot which version of libpurple, but I can find out. Are you sure? libpurple is a C library, and (third-party) BB progs have to be written in J2ME. That said, we're working on a java version of libotr, so this will hopefully be possible soon. > Would this be difficult to port? Another thought was having otr use > gpg keys. Authentication could be set up without otr by signing public > keys. Thanks. Lots of people suggest that, but don't take into account that there's no standard way to indicate your IM username and network in your gpg userid, so manual intervention would still be required. - Ian From cybercorecentre at gmail.com Sun Jun 21 18:05:34 2009 From: cybercorecentre at gmail.com (Cyber Core) Date: Mon, 22 Jun 2009 00:05:34 +0200 Subject: [OTR-users] encrypted file transfer Message-ID: <21eaa5840906211505x2ec3214fp29443f9ed0cc91e8@mail.gmail.com> Hi guys, Maybe some of you users don't know but OTR does not encrypt the file transfers at all (in that case you sending important documents to your buddies via msn). Is there any chance you going to implement this feature? Regards, Jax -------------- next part -------------- An HTML attachment was scrubbed... URL: From ian at cypherpunks.ca Sun Jun 21 18:20:05 2009 From: ian at cypherpunks.ca (Ian Goldberg) Date: Sun, 21 Jun 2009 18:20:05 -0400 Subject: [OTR-users] encrypted file transfer In-Reply-To: <21eaa5840906211505x2ec3214fp29443f9ed0cc91e8@mail.gmail.com> References: <21eaa5840906211505x2ec3214fp29443f9ed0cc91e8@mail.gmail.com> Message-ID: <20090621222005.GB6925@yoink.cs.uwaterloo.ca> On Mon, Jun 22, 2009 at 12:05:34AM +0200, Cyber Core wrote: > Hi guys, > > Maybe some of you users don't know but OTR does not encrypt the file > transfers at all (in that case you sending important documents to your > buddies via msn). > Is there any chance you going to implement this feature? There's actually a GSoC project addressing this topic going on at this very moment. - Ian From christopher.lemire at gmail.com Sun Jun 21 20:07:59 2009 From: christopher.lemire at gmail.com (christopher.lemire at gmail.com) Date: Mon, 22 Jun 2009 00:07:59 +0000 Subject: [OTR-users] encrypted file transfer Message-ID: <1273763767-1245630038-cardhu_decombobulator_blackberry.rim.net-1762641128-@bxe1309.bisx.prod.on.blackberry> I suggest using gpg to encrypt the file whether sending it over email or IM. Did you know you can encrypt a file to text and send it as a chat message. Checkout gpg --armor in the man page. For larger files, you would need to use the jabber protocol which doesn't have a limit on the amount of text or the message splitter plugin for other protocols. But you either need to not be have an otr private session when using that other plugin because it conflicts with otr. Too bad because its a very useful plugin. Ok here are some more alternative suggestions. If the recipient of the file transfer is a non tech user, then rar,zip, or p7zip the file(s) and password protect them with a strong password. This can easily be done in gnome by right clicking a file or directory and choosing create archive and from there, choosing the type and giving it a password. Here is another alternative. Use truecrypt to create a physical volume slightly larger than the files being sent. Put the files in the volume which will encrypt them on the fly and then send that volume to the recipient. I could give even more suggestions than these, but I think this is plenty. There's my two sents. If this helped anybody, let me know. Sent via BlackBerry from T-Mobile From christopher.lemire at gmail.com Sun Jun 21 20:35:22 2009 From: christopher.lemire at gmail.com (Christopher Lemire) Date: Sun, 21 Jun 2009 19:35:22 -0500 Subject: [OTR-users] Fwd: encrypted file transfer In-Reply-To: <1273763767-1245630038-cardhu_decombobulator_blackberry.rim.net-1762641128-@bxe1309.bisx.prod.on.blackberry> References: <1273763767-1245630038-cardhu_decombobulator_blackberry.rim.net-1762641128-@bxe1309.bisx.prod.on.blackberry> Message-ID: My message was rejected by the mail server the first time I sent it. I would like to know why. ---------- Forwarded message ---------- From: Date: Sun, Jun 21, 2009 at 7:07 PM Subject: Re: [OTR-users] encrypted file transfer To: otr-users at lists.cypherpunks.ca I suggest using gpg to encrypt the file whether sending it over email or IM. Did you know you can encrypt a file to text and send it as a chat message. Checkout gpg --armor in the man page. For larger files, you would need to use the jabber protocol which doesn't have a limit on the amount of text or the message splitter plugin for other protocols. But you either need to not be have an otr private session when using that other plugin because it conflicts with otr. Too bad because its a very useful plugin. Ok here are some more alternative suggestions. If the recipient of the file transfer is a non tech user, then rar,zip, or p7zip the file(s) and password protect them with a strong password. This can easily be done in gnome by right clicking a file or directory and choosing create archive and from there, choosing the type and giving it a password. Here is another alternative. Use truecrypt to create a physical volume slightly larger than the files being sent. Put the files in the volume which will encrypt them on the fly and then send that volume to the recipient. I could give even more suggestions than these, but I think this is plenty. There's my two sents. If this helped anybody, let me know. Sent via BlackBerry from T-Mobile -- Christopher Lemire Ubuntu 64 bit Linux Raid Level 0 -------------- next part -------------- An HTML attachment was scrubbed... URL: From christopher.lemire at gmail.com Sun Jun 21 20:37:32 2009 From: christopher.lemire at gmail.com (Christopher Lemire) Date: Sun, 21 Jun 2009 19:37:32 -0500 Subject: [OTR-users] Fwd: Return receipt In-Reply-To: <200906220020.n5M0KiPE007895@paip.net> References: <1273763767-1245630038-cardhu_decombobulator_blackberry.rim.net-1762641128-@bxe1309.bisx.prod.on.blackberry> <200906220020.n5M0KiPE007895@paip.net> Message-ID: Why was my message refused by the mail server? ---------- Forwarded message ---------- From: Mail Delivery Subsystem Date: Sun, Jun 21, 2009 at 7:20 PM Subject: Return receipt To: christopher.lemire at gmail.com The original message was received at Sun, 21 Jun 2009 20:20:44 -0400 from yw-out-1718.google.com [74.125.46.157] ----- The following addresses had successful delivery notifications ----- "|/var/lib/mailman/mail/mailman post otr-users" (successfully delivered to mailbox) (expanded from: ) ----- Transcript of session follows ----- "|/var/lib/mailman/mail/mailman post otr-users"... Successfully delivered Final-Recipient: RFC822; otr-users at lists.cypherpunks.ca X-Actual-Recipient: X-Unix; |/var/lib/mailman/mail/mailman post otr-users Action: delivered (to mailbox) Status: 2.1.5 Last-Attempt-Date: Sun, 21 Jun 2009 20:20:44 -0400 -- Christopher Lemire Ubuntu 64 bit Linux Raid Level 0 -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/rfc822-headers Size: 2333 bytes Desc: not available URL: From chris-tuchs at hushmail.com Tue Jun 23 20:25:01 2009 From: chris-tuchs at hushmail.com (chris-tuchs at hushmail.com) Date: Tue, 23 Jun 2009 17:25:01 -0700 Subject: [OTR-users] OTR + Secondlife Message-ID: <20090624002501.9AA3CB8040@smtp.hushmail.com> I am working on integrating OTR into the second life client. Is there some stuff I can read about getting a windows program to happily talk with libotr? Should I be bugging the dev list? -- Click here for great quotes from top international movers! http://tagline.hushmail.com/fc/BLSrjkqhoPYO9W5V2tKOfjVwUVlM4dCE9opl2OqnqvHI0U90P8nrZ5OAn1O/ From ian at cypherpunks.ca Tue Jun 23 22:28:57 2009 From: ian at cypherpunks.ca (Ian Goldberg) Date: Tue, 23 Jun 2009 22:28:57 -0400 Subject: [OTR-users] OTR + Secondlife In-Reply-To: <20090624002501.9AA3CB8040@smtp.hushmail.com> References: <20090624002501.9AA3CB8040@smtp.hushmail.com> Message-ID: <20090624022857.GD32575@yoink.cs.uwaterloo.ca> On Tue, Jun 23, 2009 at 05:25:01PM -0700, chris-tuchs at hushmail.com wrote: > I am working on integrating OTR into the second life client. Is > there some stuff I can read about getting a windows program to > happily talk with libotr? Should I be bugging the dev list? Indeed, the dev list would be more appropriate. Certainly it's been done before, since pidgin-otr, trillian, miranda, etc. work with libotr on Windows. But the only one I personally know the details of is pidgin-otr, and that's basically the Linux source compiled with mingw. - Ian From ananda.samaddar at vfemail.net Sat Jun 27 09:54:37 2009 From: ananda.samaddar at vfemail.net (Ananda Samaddar) Date: Sat, 27 Jun 2009 14:54:37 +0100 Subject: [OTR-users] OTR usage for Iranians Message-ID: <4A46249D.8020508@vfemail.net> Hi all, I don't want to get bogged down in the politics or legalities of the situation in Iran right now, but simply want to ask other OTR users and the devs if possible the following questions. How secure is OTR when it comes to deniability and strength of encryption? Could OTR be analysed by the Iranian authorities to produce incriminating evidence? thanks, Ananda Samaddar From ian at cypherpunks.ca Sat Jun 27 13:53:16 2009 From: ian at cypherpunks.ca (Ian Goldberg) Date: Sat, 27 Jun 2009 13:53:16 -0400 Subject: [OTR-users] OTR usage for Iranians In-Reply-To: <4A46249D.8020508@vfemail.net> References: <4A46249D.8020508@vfemail.net> Message-ID: <20090627175316.GJ13646@yoink.cs.uwaterloo.ca> On Sat, Jun 27, 2009 at 02:54:37PM +0100, Ananda Samaddar wrote: > Hi all, > > I don't want to get bogged down in the politics or legalities of the > situation in Iran right now, but simply want to ask other OTR users and > the devs if possible the following questions. How secure is OTR when it > comes to deniability and strength of encryption? Could OTR be analysed > by the Iranian authorities to produce incriminating evidence? If someone is watching Internet links, it is clear to them that you're using OTR, and who you're communicating with, but they should be unable to learn what you're saying (the crypto is definitely strong enough). The forward secrecy aspect of OTR is also useful: even if your computer gets seized, old transmitted messages will not be able to be decrypted. [Be sure that "Avoid logging OTR conversations" is checked.] If you also need to hide the metadata (who you're talking to), you should use Tor along with OTR. There are a number of deniability aspects of OTR, but they generally involve showing that a purported transcript of your conversation could easily be faked. But if your adversary doesn't care so much about "evidence" or "proof", then "deniability" won't phase them so much. Now, I don't know what "incriminating evidence" looks like to Iranian authorities. If "this person uses cryptography" is incriminating to them, then OTR, or even Tor, won't help. So far, we (or Tor, to my knowledge) have no reports of this, though. - Ian From christopher.lemire at gmail.com Sun Jun 28 16:19:30 2009 From: christopher.lemire at gmail.com (Christopher Lemire) Date: Sun, 28 Jun 2009 15:19:30 -0500 Subject: [OTR-users] encrypted file transfer Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sun, Jun 21, 2009 at 9:09 PM, Ian Goldberg wrote: > On Mon, Jun 22, 2009 at 01:55:48AM +0000, christopher.lemire at gmail.com wrote: >> It wasn't bounced. You are right. I was just confused because I had >> never seen return receipt before. I thought this feature was supposed >> to tell me if the email was read by the recipient like you can do on >> some web forums. I will disable it. Now would you respond to my topics >> where I wrote about otr please? > > I didn't see any questions in your posts; you just gave some suggestions > as to how to transfer encrypted files, no? > > - Ian > Yes, do you agree, disagree? Feel free to comment on what I said, give it a +1 or a -1 and choose which is your preferred method of encrypted file transfers. - - Hide quoted text - - -- Christopher Lemire Ubuntu 64 bit Linux Raid Level 0 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Use GnuPG with Firefox : http://getfiregpg.org (Version: 0.7.6) iEYEARECAAYFAkpH0FMACgkQxp8Ys+E7CQlR9ACgr1xySTLRAuohuP634bSRHM2u B6YAn1m2tfbU4dQefKwaQTiZrUi23vPR =3eM6 -----END PGP SIGNATURE----- From christopher.lemire at gmail.com Sun Jun 28 16:29:37 2009 From: christopher.lemire at gmail.com (Christopher Lemire) Date: Sun, 28 Jun 2009 15:29:37 -0500 Subject: [OTR-users] OTR and Message Splitter Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Plugin: Message Splitter Description: Splits a large outgoing message into smaller messages of a specified size. URL: http://plugins.guifications.org/trac I believe it comes from the Purple Plugin Pack. This and OTR are very useful plugins. However, when both used at the same time during an encrypted session, they conflict making the encrypted text shown raw, not decrypted. Is there any work around for this? Suggestions for a fix? - -- Christopher Lemire Ubuntu 64 bit Linux Raid Level 0 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Use GnuPG with Firefox : http://getfiregpg.org (Version: 0.7.6) iEYEARECAAYFAkpH0rEACgkQxp8Ys+E7CQk/XgCgrrsSzzQbq+6D2le30U8zAIxa lxQAnjckWeOnAk8TcxK7PpdGCSObB2nQ =bWuN -----END PGP SIGNATURE----- From gmaxwell at gmail.com Sun Jun 28 16:58:58 2009 From: gmaxwell at gmail.com (Gregory Maxwell) Date: Sun, 28 Jun 2009 16:58:58 -0400 Subject: [OTR-users] OTR and Message Splitter In-Reply-To: References: Message-ID: On Sun, Jun 28, 2009 at 4:29 PM, Christopher Lemire wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Plugin: Message Splitter > Description: Splits a large outgoing message into smaller messages of > a specified size. You don't need this with OTR. OTR does its own splitting (and merging). Its important that the splitting be internal to OTR because the crypto adds non-trivial overhead. From ian at cypherpunks.ca Sun Jun 28 18:13:38 2009 From: ian at cypherpunks.ca (Ian Goldberg) Date: Sun, 28 Jun 2009 18:13:38 -0400 Subject: [OTR-users] encrypted file transfer In-Reply-To: References: Message-ID: <20090628221338.GC9221@yoink.cs.uwaterloo.ca> On Sun, Jun 28, 2009 at 03:19:30PM -0500, Christopher Lemire wrote: > Yes, do you agree, disagree? Feel free to comment on what I said, give > it a +1 or a -1 and choose which is your preferred method of encrypted > file transfers. Until file-transfer is built in to OTR (coming soon?), I'd think using gpg -c (conventional / symmetric key crypto) to encrypt the file using a key fetched from /dev/[u]random, sending the encrypted file (however you want), and sending (the key and the SHA256 checksum of the encrypted file) over OTR looks like the best thing to me. - Ian From ldm at gmx.at Sun Jun 28 21:05:55 2009 From: ldm at gmx.at (Markus Krainz) Date: Mon, 29 Jun 2009 03:05:55 +0200 Subject: [OTR-users] encrypted file transfer In-Reply-To: <20090628221338.GC9221@yoink.cs.uwaterloo.ca> References: <20090628221338.GC9221@yoink.cs.uwaterloo.ca> Message-ID: <4A481373.1000603@gmx.at> Hi! If someone wants to send me a sensitive file over IM this is what I usually do: I paste them my pgp public key in ascii format over an encrypted OTR session. They then encrypt the file with pgp for me before sending and vice versa. Ian Goldberg wrote: > On Sun, Jun 28, 2009 at 03:19:30PM -0500, Christopher Lemire wrote: > >> Yes, do you agree, disagree? Feel free to comment on what I said, give >> it a +1 or a -1 and choose which is your preferred method of encrypted >> file transfers. >> > > Until file-transfer is built in to OTR (coming soon?), I'd think using > gpg -c (conventional / symmetric key crypto) to encrypt the file using > a key fetched from /dev/[u]random, sending the encrypted file (however > you want), and sending (the key and the SHA256 checksum of the encrypted > file) over OTR looks like the best thing to me. > > - Ian > _______________________________________________ > OTR-users mailing list > OTR-users at lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: pgpkeys.asc Type: application/pgp-keys Size: 3205 bytes Desc: not available URL: From ian at cypherpunks.ca Mon Jun 29 09:45:01 2009 From: ian at cypherpunks.ca (Ian Goldberg) Date: Mon, 29 Jun 2009 09:45:01 -0400 Subject: [OTR-users] encrypted file transfer In-Reply-To: <4A481373.1000603@gmx.at> References: <20090628221338.GC9221@yoink.cs.uwaterloo.ca> <4A481373.1000603@gmx.at> Message-ID: <20090629134501.GC14669@thunk.cs.uwaterloo.ca> On Mon, Jun 29, 2009 at 03:05:55AM +0200, Markus Krainz wrote: > Hi! > > If someone wants to send me a sensitive file over IM this is what I > usually do: I paste them my pgp public key in ascii format over an > encrypted OTR session. They then encrypt the file with pgp for me > before sending and vice versa. That solution doesn't provide for authentication or integrity of the file, though. [And if your public key is tens of kilobytes, it's also a bit annoying. ;-) ] - Ian From ldm at gmx.at Mon Jun 29 13:30:47 2009 From: ldm at gmx.at (Markus Krainz) Date: Mon, 29 Jun 2009 19:30:47 +0200 Subject: [OTR-users] encrypted file transfer In-Reply-To: <20090629134501.GC14669@thunk.cs.uwaterloo.ca> References: <20090628221338.GC9221@yoink.cs.uwaterloo.ca> <4A481373.1000603@gmx.at> <20090629134501.GC14669@thunk.cs.uwaterloo.ca> Message-ID: <4A48FA47.7050306@gmx.at> Oh no! Tens of kilobytes will almost cause my clipboard to run out of memory when I copy and paste it. :-) You seem to have ignored the and "vice versa" part. If needed the encrypted file can be signed without extra effort. The advantage is that once you got your conversional partners PGP key over OTR you can also send him files over mail, even if he's not currently online. **Ian Goldberg wrote: > On Mon, Jun 29, 2009 at 03:05:55AM +0200, Markus Krainz wrote: > >> Hi! >> >> If someone wants to send me a sensitive file over IM this is what I >> usually do: I paste them my pgp public key in ascii format over an >> encrypted OTR session. They then encrypt the file with pgp for me >> before sending and vice versa. >> > > That solution doesn't provide for authentication or integrity of the > file, though. [And if your public key is tens of kilobytes, it's also a > bit annoying. ;-) ] > > - Ian > _______________________________________________ > OTR-users mailing list > OTR-users at lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-users > > From ian at cypherpunks.ca Mon Jun 29 15:19:15 2009 From: ian at cypherpunks.ca (Ian Goldberg) Date: Mon, 29 Jun 2009 15:19:15 -0400 Subject: [OTR-users] encrypted file transfer In-Reply-To: <4A48FA47.7050306@gmx.at> References: <20090628221338.GC9221@yoink.cs.uwaterloo.ca> <4A481373.1000603@gmx.at> <20090629134501.GC14669@thunk.cs.uwaterloo.ca> <4A48FA47.7050306@gmx.at> Message-ID: <20090629191915.GR14669@thunk.cs.uwaterloo.ca> On Mon, Jun 29, 2009 at 07:30:47PM +0200, Markus Krainz wrote: > Oh no! Tens of kilobytes will almost cause my clipboard to run out of > memory when I copy and paste it. :-) But it's annoying at the other end to have to scroll through many, many pages to find the top of the key, in order to copy and paste it into gpg. (This is admittedly not a *huge* problem. Just a bit annoying.) > You seem to have ignored the and "vice versa" part. If needed the > encrypted file can be signed without extra effort. But that destroys the deniability properties of OTR. It's exactly because PGP/gpg has no way to do deniable authentication that OTR was invented, in fact. The method you use does, of course, work, but only if you don't care about deniability and/or authentication. If you care about them both, PGP/gpg doesn't help you. - Ian