[OTR-dev] Persisting userstate object across app restarts.
Tom Ritter
tom at ritter.vg
Wed Aug 13 09:02:35 EDT 2014
On 11 August 2014 22:10, Paul Wouters <paul at cypherpunks.ca> wrote:
> Is there another way we can tackle the "sending a message to a user
> that is offline" problem? That is a very legitimate issue for users
> using otr on their phones.

I agree. Most people are probably familiar with it, but TextSecure
(Trevor Perrin) designed a new ratchet for this exact purpose:
https://whispersystems.org/blog/advanced-ratcheting/ It uses a
sub-ratchet that doesn't require the user to store key material that is
as sensitive as OTR's.

That said... TextSecure and whatever app you're writing probably
_also_ store the plaintext messages as a history that can be scrolled
through. TS is still protected by a password, but in general, my order
of importance of OTR secrets is: long term key material allowing
impersonation, plaintext chats, session keys. What's the concern about
storing session keys if either the plaintext or the long term key is
stored accessible?

-tom