[OTR-dev] Persisting userstate object across app restarts.

Adam Zimmerman adam at digitalpirate.ca
Fri Aug 15 16:50:15 EDT 2014


On 14-08-15 10:36 AM, Devrandom wrote:
> There's an idea I came up with a while ago that might be relevant -
> Forgetfulness Servers.
> 
> A Forgetfulness Server remembers small key/value pairs in RAM and wipes
> on request / after a timeout.  Call this "forgettable data".
> 
> In order to fulfill the PFS goals, the OTR session state could be
> encrypted with a forgettable random password and then saved to disk.
> The password would be wiped when the app comes back from sleep.
> 
> You could use multiple Forgetfulness Servers to reduce the chance of
> collusion between the server operator and an attacker.

This sounds really similar to a project called Vanish[0] that was
released a while back. They used a randomly generated key to encrypt
some data. The key was split using a secret-sharing scheme, and shares
were stored in a DHT. The DHT would expire data after 8 hours, so any
data encrypted with the key would be rendered unreadable after that.

[0] http://vanish.cs.washington.edu/
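
An added sketch of the quoted Forgetfulness Server idea (not part of the original thread and not code from OTR or Vanish): a random key is XOR-split so that each server holds one share, and the key cannot be rebuilt once any share is wiped or times out. The class and function names are hypothetical, the servers are in-process stand-ins for remote ones, and the n-of-n XOR split is a simpler substitute for the threshold secret sharing Vanish used.

```python
import secrets
import time


class ForgetfulnessServer:
    """Hypothetical in-RAM store: forgets a value on request or after ttl seconds."""

    def __init__(self, ttl, clock=time.monotonic):
        self.ttl, self.clock, self.store = ttl, clock, {}

    def put(self, name, value):
        self.store[name] = (self.clock() + self.ttl, bytes(value))

    def get(self, name):
        expiry, value = self.store.get(name, (0, None))
        if value is not None and self.clock() >= expiry:
            self.wipe(name)  # timeout reached: forget the share
            return None
        return value

    def wipe(self, name):
        self.store.pop(name, None)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def stash_key(servers, name, key):
    """n-of-n XOR split: one share per server, all shares needed to rebuild."""
    shares = [secrets.token_bytes(len(key)) for _ in servers[1:]]
    last = key
    for share in shares:
        last = xor(last, share)
    for server, share in zip(servers, shares + [last]):
        server.put(name, share)


def recover_key(servers, name):
    """Fetch every share, then wipe them all; None if any share is gone."""
    shares = [server.get(name) for server in servers]
    for server in servers:
        server.wipe(name)
    if any(share is None for share in shares):
        return None
    key = shares[0]
    for share in shares[1:]:
        key = xor(key, share)
    return key
```

The recovered key would decrypt the saved session state with an authenticated cipher; that step is left out here because it does not change the key lifecycle.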


