[OTR-users] Private keys file security
Paul Wouters
paul at cypherpunks.ca
Sat Dec 2 22:13:12 EST 2006
On Fri, 1 Dec 2006, Carl Johnson wrote:
> As Richard pointed out, it would be great to have the
> private keys and fingerprints encrypted.
>
> The countermeasures that we could use against the
> motivated employer, could be to implement a virtual
> keyboard to type the password, and to bypass
> screenloggers, the virtual keyboard would press the
> key when the mouse hovers a key for over 2 seconds,
> for example.
Just use "portable gaim" with gaim-otr, eg it runs
completely from USB drive. When you leave your computer,
you take your USB drive with you.
Passphrase protection of the keys against the administrator
of your machine is impossible. Why try?
> Still, if this is too much trouble since both otrlib
> and otrproxy are somewhat not being updated, someone
> could at least point me to who is the win32
> maintainer?
I maintain the windows installers, Ian cross compiles for
windows.
> But since we cannot choose (at least on WinXP as far
> as I know) the userdir for the privkey and
> fingerprints files, using otr on public computers
> nears the impossible. Interestingly enough, on Win98
> the privkeys are written on the same directory that
> otrproxy is, and that alone would already solve this
> problem. But, Win98 isn't used on public computers
> anymore.
If you use "portable gaim" everything should be written
in the gaim directories on the usb drive.
Paul
More information about the OTR-users
mailing list