[OTR-dev] python-otr (again)

WolfRage wolfrage8765 at gmail.com
Sun May 29 15:31:32 EDT 2011 

Hi Kjell,

I have started playing around with your code, I will let you know if I
run into any snags or bugs but I think it looks like a solid
implementation of OTR minus the missing sections, but I am sure with
time those will get implemented.
Thanks again for your work.
> Hi Kjell,
> 
>         First thank you for your work on python-otr. 
> > Hi,
> > 
> >   I've been the maintainer for the libotr python bindings [1] for a
> > while. They did their job, but had some issues (esp. regarding
> exception
> > handling in the callbacks). Therefore, I decided to write a python
> > implementation of libotr using pycrypto (>=2.1). (This seems to have
> > been done before [2], but I was unable to find this project today.)
> > 
> >   My current code can be found in the bzr branch at launchpad [3].
> My
> > few tests worked pretty well. I haven't done a lot of QA though, and
> as
> > I'm no expert in crypto programming stuff I'd like to ask for
> feedback.
> > 
> I have a few questions regarding your new otr implementation done
> using 
> pure python: 1. should this be used for furture otr implementations
> that 
> are written in Python? 2: how stable would you say this code is? 3:
> how 
> many testers have you gotten so far?
> > 
> >   Some usage information: The application is supposed to subclass
> > context.Account and context.Context - the state transition UI and
> the
> > message injection is added to Context, loading/saving of keys /
> > fingerprints / trusts happens in Account. The application initially
> > creates Account objects, retrieves/creates the Contexts via
> getContext()
> > and performs encryption/decryption similar to libotr with
> > receiveMessage()/sendMessage().
> >   Things that are not yet implemented: message resending and secure
> > memory. The latter might be a little hard in python. There are some
> > hacks that zero out objects after deletion, but I don't know exactly
> if
> > that works correctly in practice.
> > 
> >   I'd love to hear your feedback for both the crypto implementation
> as
> > well as the API.
> > 
> > [1] http://python-otr.pentabarf.de
> > [2]
> http://lists.cypherpunks.ca/pipermail/otr-users/2007-May/001018.html
> > [3] https://code.launchpad.net/~afflux/python-otr/purepython
> > 
> > -- 
> > Kjell Braden
> 
> I ask because I am working on creating a implementation for
> Telepathy-Butterfly that will allow it to use OTR encryption. Since
> this implementation is brand new, I don't think it would hurt to use
> your experimental code, since it would work out the bugs in your code
> and ensure my code will be up to date longer. Your thoughts?
> Thank you again for your time.
> --
> Jordan Farrell

More information about the OTR-dev mailing list