[OTR-dev] Persisting userstate object across app restarts.

Greg Troxel gdt at ir.bbn.com
Tue Aug 12 07:30:11 EDT 2014


Madhav V <madhav at avaamo.com> writes:

> #2. Unlike desktop operating systems both the iOS and Android (latest
> versions) OSs provide a mature application data sandboxing/protection
> comparable to RAM on desktops*. When you said RAM only/persistent state,
> did you mean to include the latest mobile OSs as well?

That's an interesting claim, but I bet most would consider it
inaccurate.  The persistent data (in flash) can be obtained with a
long-term password, and that is exactly what isn't allowed under PFS.
The point is that compromise of all long-term keying material (say next
week) does not lead to the ability to decrypt today's conversations.  It
may be a slightly extreme view, but I think the group's position here is
that if you don't have PFS, you don't really have confidentiality.
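
The scenario in the reply above, as an added example that is not part of the original post and not code from libotr: the same conversation run once with RAM-only session state and once with the state written to flash under a long-term password, followed by a later compromise of that password. The toy DH group, the stand-in cipher, `PASSWORD` and all function names are assumptions made for the illustration.

```python
import hashlib
import secrets

# Toy-sized group so the block stays short (assumption; not the group OTR uses).
P = 2**255 - 19
G = 2
PASSWORD = b"device-passcode"  # constructed long-term secret protecting flash

def dh_keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(32, "big")).digest()

def xor_stream(key, data):
    # Stand-in stream cipher (SHA-256 in counter mode), not OTR's cipher.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def wrap(password, salt, blob):
    # Encrypt-at-rest under a key derived from the long-term password.
    return xor_stream(hashlib.pbkdf2_hmac("sha256", password, salt, 100_000), blob)

def run_session(persist_state):
    """Today's conversation: returns (what an eavesdropper recorded, what is in flash)."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    wire = {"a_pub": a_pub, "b_pub": b_pub,
            "ciphertext": xor_stream(session_key(a_priv, b_pub), b"meet at noon")}
    flash = {}
    if persist_state:  # userstate saved so the session survives an app restart
        salt = secrets.token_bytes(16)
        flash = {"salt": salt,
                 "wrapped_priv": wrap(PASSWORD, salt, a_priv.to_bytes(32, "big"))}
    return wire, flash  # a_priv and b_priv go out of scope: RAM-only state is gone

def decrypt_after_compromise(wire, flash, password):
    """Next week: the long-term password and the flash image are both exposed."""
    if "wrapped_priv" not in flash:
        return None  # nothing long-term leads back to the session key
    priv = int.from_bytes(wrap(password, flash["salt"], flash["wrapped_priv"]), "big")
    return xor_stream(session_key(priv, wire["b_pub"]), wire["ciphertext"])
```

With persisted state the recorded ciphertext decrypts once the password is known; with RAM-only state the same compromise yields nothing.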