From karolas at mail.md Fri Sep 23 09:07:51 2011 From: karolas at mail.md (karolas at mail.md) Date: Fri, 23 Sep 2011 13:07:51 +0000 Subject: [OTR-users] Offline messaging and file transfer Message-ID: Hi. I have some questions, can anyone help? 1- How to safely use the Pidgin OTR plugin to work with pounces and the Offline Message Emulation plugin (which saves offline messages as pounces)? I have the impression that the messages may go through automatically when the two are connected, but sometimes at the start, when you restart Pidgin for example, the conversation begins at "Not private" and the user has to click "Begin private conversation". But the pounces will have already been sent by them. 2- Are file transfers encrypted by the OTR plugin? 3- How often do I have to authenticate the other person? Here is an extreme scenario, but if the other person's computer get stolen, fingerprint won't change and authentication will stay too. Is the habit of authenticating the user every day, even if not asked by the plugin, too much? Thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: From dap56 at cornell.edu Fri Sep 23 11:33:18 2011 From: dap56 at cornell.edu (Daniel Perelman) Date: Fri, 23 Sep 2011 08:33:18 -0700 Subject: [OTR-users] Offline messaging and file transfer In-Reply-To: References: Message-ID: On Fri, Sep 23, 2011 at 06:07, wrote: > Hi. I have some questions, can anyone help? > > 1- How to safely use the Pidgin OTR plugin to work with pounces and the > Offline Message Emulation plugin (which saves offline messages as pounces)? > I have the impression that the messages may go through automatically when > the two are connected, but sometimes at the start, when you restart Pidgin > for example, the conversation begins at "Not private" and the user has to > click "Begin private conversation". But the pounces will have already been > sent by them. You are correct that the message could be sent without encryption but I suspect that if you select "require private messaging" it will encrypt. You would have to test, though. > > 2- Are file transfers encrypted by the OTR plugin? No. > > 3- How often do I have to authenticate the other person? Here is an extreme > scenario, but if the other person's computer get stolen, fingerprint won't > change and authentication will stay too. Is the habit of authenticating the > user every day, even if not asked by the plugin, too much? I guess it depends on how paranoid you are. I generally assume I would find out if one of my friend's computers had been stolen, so I only authenticate once (actually, I don't even always bother to authenticate and just have unverified conversations with some people... although I don't trust such links for, say, sharing SSH public keys). Also, a computer being stolen is less of an issue for your encryption keys if you use an encrypted home directory or full-disk encryption, so a thief would still have to guess your password in order to get at your encryption keys. > > Thanks. > > _______________________________________________ > OTR-users mailing list > OTR-users at lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-users > > - Daniel From Yuri at Aquawings.net Fri Sep 23 13:36:42 2011 From: Yuri at Aquawings.net (Yuri) Date: Fri, 23 Sep 2011 19:36:42 +0200 Subject: [OTR-users] OTR implementation in Psi+ XMPP client In-Reply-To: <4E3CF8BA.4080000@gmail.com> References: <4E3CF8BA.4080000@gmail.com> Message-ID: <4E7CC3AA.8030501@Aquawings.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 There's also an unofficial 'patched' version of the original client for Linux that works with the plug-in: http://public.tfh-berlin.de/~s30935 [I think it's been posted here before.] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJOfMOqAAoJEKAQrOLw9z5SkBcP/iTvCh16okiFFXcCOGM5WHpF QIXiClXxoeqp63ASnB79wqxbF0lyTCd+4nnwZAOyJ/E6X/5egEaj17eCMttW+BI4 H5JybUT0pbFfm3Gbjt0qrpeuT0ifQOPe0V1XHe42Jwz3UO2GrEmrAhH3Jg1v4isp Jqv1mblkP820nEG0LRvyDYUCsAvLT15/XuXcqJ83HXgWDp9dZM7XhSPsdEbnj/ao PQ24zDgw4s9K2zVL2GsQgcFQoTxjMXu1Mnfsdl/foqdzBPikUGfF8yDYd7wFadyW ics4QcsFBvYEhSowARD+wgpwAMrpShQJkQLE4C23jMUF4LLeFqnCm4gLNRq5+J7s m+eP9BMMTLZwPt1VgSQcPcXa7QU2dcS5Ejb90aAHsSbOD9rejKj5P91JaO/I9vcx 5VB/dSxfBw7kFvRJ1W7Ua1az9vNaDI8fteMHErUVkVuV67u0kyZl7fNnrDHP01tg y5tv8qjivJpuCEYfC1wTBpXC8ni/Fe9eXN37U2kcSLOu1t0GeHppGDD5AuTUe7zx OnmP5IShbfYNOVv8RCJFEx1V+Y4fzlDJsxF1rpkfYKS+YaMkmfr8upVOn67fSF6t VV0AVWnsrlaW+QE5e+o9KAfGA3ZiZilJt5tqXH9q7rqvRhGAoi9LcCRfFGqIbHG+ ZezDbmxByl6dfhTuBClF =SIjB -----END PGP SIGNATURE----- From puhi at msn.com Sat Sep 24 18:34:17 2011 From: puhi at msn.com (Jeff Couturier) Date: Sat, 24 Sep 2011 15:34:17 -0700 Subject: [OTR-users] Authentication Message-ID: I am having trouble with Authentication while using pigdin. I have the latest version of pigdin and the OTR plugin, buddy has same. When we try to Auth. using a secret? the process starts but never seems to complete, we have let it go 5-10min, it does not complete or indicate failed. What's up, need help? Is there a help file somewhere, if there is I can't find it. Thanks<<>>< -------------- next part -------------- An HTML attachment was scrubbed... URL: From gmaxwell at gmail.com Sat Sep 24 18:40:33 2011 From: gmaxwell at gmail.com (Gregory Maxwell) Date: Sat, 24 Sep 2011 18:40:33 -0400 Subject: [OTR-users] Authentication In-Reply-To: References: Message-ID: On Sat, Sep 24, 2011 at 6:34 PM, Jeff Couturier wrote: > I am having trouble with Authentication while using pigdin. > I have the latest version of pigdin and the OTR plugin, buddy has same. > When we try to Auth. using a secret? the process starts but never seems to > complete, we have let it go 5-10min, it does not complete or indicate > failed. > What's up, need help? Is there a help file somewhere, if there is I can't > find it. Say high to your man in the middle for me. From ooydoboora at gmail.com Sat Sep 24 18:54:29 2011 From: ooydoboora at gmail.com (Marko Kraljevic) Date: Sun, 25 Sep 2011 00:54:29 +0200 Subject: [OTR-users] Authentication In-Reply-To: References: Message-ID: I just tried it, without problems. Pidgin 2.10.0 with OTR 3.2.0-1 on ICQ. Windows 7 Pro N SP1-U x64. On Sun, Sep 25, 2011 at 12:34 AM, Jeff Couturier wrote: > I am having trouble with Authentication while using pigdin. > I have the latest version of pigdin and the OTR plugin, buddy has same. > When we try to Auth. using a secret? the process starts but never seems to > complete, we have let it go 5-10min, it does not complete or indicate > failed. > What's up, need help? Is there a help file somewhere, if there is I can't > find it. > > Thanks<<>>< > > _______________________________________________ > OTR-users mailing list > OTR-users at lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-users > > From puhi at msn.com Sat Sep 24 19:06:59 2011 From: puhi at msn.com (Jeff Couturier) Date: Sat, 24 Sep 2011 16:06:59 -0700 Subject: [OTR-users] Authentication, more info Message-ID: Still can't Authenticate. When buddy sends me a question and I answer his correctly the process never seems to complete. Could existing fingerprints ( unverified ) be stopping up the process when we try to use the question option ? <<>>< -------------- next part -------------- An HTML attachment was scrubbed... URL: From ian at cypherpunks.ca Sat Sep 24 22:48:12 2011 From: ian at cypherpunks.ca (Ian Goldberg) Date: Sat, 24 Sep 2011 22:48:12 -0400 Subject: [OTR-users] Authentication, more info In-Reply-To: References: Message-ID: <20110925024812.GJ16172@yoink.cs.uwaterloo.ca> On Sat, Sep 24, 2011 at 04:06:59PM -0700, Jeff Couturier wrote: > > Still can't Authenticate. > When buddy sends me a question and I answer his correctly > the process never seems to complete. Could existing fingerprints > ( unverified ) be stopping up the process when we try to use > the question option ? Nope, the authentication process is independent of whatever fingerprints you already know about. Can you use pidgin -d (or something like wireshark) on both sides to capture the messages that are being sent and received and see if at least they match? Also, what IM network are you using? Is it yahoo? - Ian From puhi at msn.com Mon Sep 26 01:05:37 2011 From: puhi at msn.com (Jeff Couturier) Date: Sun, 25 Sep 2011 22:05:37 -0700 Subject: [OTR-users] Still Can't Authenticate Message-ID: What are my options we are unable to Authenticate. We are both using window machines. Both using pigdin Both using AIM accounts Auth. starts but does not complete or error. We are stumped we are following the directions. Start private. Ask to verify Ask question supply answer and then the window and green bar just hangs. What now? J -------------- next part -------------- An HTML attachment was scrubbed... URL: From gmaxwell at gmail.com Mon Sep 26 01:30:33 2011 From: gmaxwell at gmail.com (Gregory Maxwell) Date: Mon, 26 Sep 2011 01:30:33 -0400 Subject: [OTR-users] Still Can't Authenticate In-Reply-To: References: Message-ID: On Mon, Sep 26, 2011 at 1:05 AM, Jeff Couturier wrote: > What are my options we are unable to Authenticate. > We are both using window machines. > Both using pigdin > Both using AIM accounts > Auth. starts but does not complete or error. > We are stumped we are following the directions. > Start private. > Ask to verify > Ask question supply answer and then the window and green bar just hangs. Try doing the manual fingerprint verification with some other channel like email or a phone call.