[OTR-dev] Persisting userstate object across app restarts.

Greg Troxel gdt at ir.bbn.com
Wed Aug 13 09:41:34 EDT 2014


Tom Ritter <tom at ritter.vg> writes:

> That said... TextSecure and whatever app you're writing probably
> _also_ stores the plaintext messages as a history that can be scrolled
> through. TS is still protected by a password, but in general, my order
> of importance of OTR secrets is: long term key material allowing
> impersonation, plaintext chats, session keys. What's the concern about
> storing session keys if either the plaintext or the long term key is
> stored accessible?

Normally, turning on OTR disables logging.

The long-term key allows impersonation starting from the time of
compromise.  Compromising stored past keys allows decrypting of past
traffic.  Which is worse depends on the person, of course, but it's not
a simple total ordering for all people.