[OTR-dev] python-otr (again)

WolfRage wolfrage8765 at gmail.com
Sun May 29 02:03:23 EDT 2011 

Hi Kjell,

	First thank you for your work on python-otr. 
> Hi,
> 
>   I've been the maintainer for the libotr python bindings [1] for a
> while. They did their job, but had some issues (esp. regarding exception
> handling in the callbacks). Therefore, I decided to write a python
> implementation of libotr using pycrypto (>=2.1). (This seems to have
> been done before [2], but I was unable to find this project today.)
> 
>   My current code can be found in the bzr branch at launchpad [3]. My
> few tests worked pretty well. I haven't done a lot of QA though, and as
> I'm no expert in crypto programming stuff I'd like to ask for feedback.
> 
I have a few questions regarding your new otr implementation done using 
pure python: 1. should this be used for furture otr implementations that 
are written in Python? 2: how stable would you say this code is? 3: how 
many testers have you gotten so far?
> 
>   Some usage information: The application is supposed to subclass
> context.Account and context.Context - the state transition UI and the
> message injection is added to Context, loading/saving of keys /
> fingerprints / trusts happens in Account. The application initially
> creates Account objects, retrieves/creates the Contexts via getContext()
> and performs encryption/decryption similar to libotr with
> receiveMessage()/sendMessage().
>   Things that are not yet implemented: message resending and secure
> memory. The latter might be a little hard in python. There are some
> hacks that zero out objects after deletion, but I don't know exactly if
> that works correctly in practice.
> 
>   I'd love to hear your feedback for both the crypto implementation as
> well as the API.
> 
> [1] http://python-otr.pentabarf.de
> [2] http://lists.cypherpunks.ca/pipermail/otr-users/2007-May/001018.html
> [3] https://code.launchpad.net/~afflux/python-otr/purepython
> 
> -- 
> Kjell Braden

I ask because I am working on creating a implementation for
Telepathy-Butterfly that will allow it to use OTR encryption. Since
this implementation is brand new, I don't think it would hurt to use
your experimental code, since it would work out the bugs in your code
and ensure my code will be up to date longer. Your thoughts?
Thank you again for your time.
--
Jordan Farrell

More information about the OTR-dev mailing list