[OTR-dev] Persisting userstate object across app restarts.
Greg Troxel
gdt at ir.bbn.com
Tue Aug 12 07:30:11 EDT 2014
Madhav V <madhav at avaamo.com> writes:
> #2.Unlike desktop operating systems both the iOS and Android(latest
> versions) OSs provide a mature application data sandboxing/protection
> comparable to RAM on desktops*. When you said RAM only/persistent state,
> did you mean to include the latest mobile OSs as well?
That's an interesting claim, but I bet most would consider it
inaccurate. The persistent data (in flash) can be obtained with a
long-term password, and that is exactly what isn't allowed under PFS.
The point is that compromise of all long-term keying material (say next
week) does not lead to the ability to decrypt today's conversations. It
may be a slightly extreme view, but I think the group's position here is
that if you don't have PFS, you don't really have confidentiality.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 180 bytes
Desc: not available
URL: <http://lists.cypherpunks.ca/pipermail/otr-dev/attachments/20140812/9fff0de7/attachment.pgp>
More information about the OTR-dev
mailing list