[OTR-dev] Last-minute change to libotr 4 API

Ian Goldberg ian at cypherpunks.ca
Sun Aug 26 09:50:31 EDT 2012


On Sat, Aug 25, 2012 at 11:28:05PM -0400, Paul Wouters wrote:
> On Sat, 25 Aug 2012, Ian Goldberg wrote:
> 
> >So even after Alice and Bob have established an OTR session and are
> >happily chatting, the current 4.x (master branch) code still has a copy
> >of the private key used to generate Bob's COMMIT message stashed away.
> >If Bob's computer's memory is compromised after that point, this private
> >key may be able to be used to decrypt the first messages of the
> >conversation.  This is undesirable.
> 
> But wouldn't the messages be in plaintext in memory anyway somewhere
> in pidgin space? If you can read memory of the user, can't you get to
> the plaintext anyway? Even with logging disabled?

I have no reason to believe pidgin necessarily stores old plaintexts in
memory if, say, the conversation window is cleared (control-L) or
closed.  But more to the point, pidgin isn't the only application that
uses libotr.

> >	polltime = otrl_polltime(userstate);
> 
> >	otrl_poll(userstate, uiops, uiopdata);
> >
> >   every polltime seconds (or thereabouts; exactness is not important).
> >   The otrl_poll function will do any periodic cleanups necessary for
> >   forward secrecy purposes (and, I suppose, any other operations that
> >   should be done periodically, but none is needed at the moment).
> 
> Seems fine, but I would really like to do some extended testing to see
> how it works in practise.

Definitely.

Thanks,

   - Ian



More information about the OTR-dev mailing list