[OTR-users] OTR and CHAT question

Paul Wouters paul at cypherpunks.ca
Fri Jan 26 16:49:01 EST 2007


On Thu, 25 Jan 2007, Jiann-Ming Su wrote:

> How do you protect the OTR keys from unauthorized use?  When I
> initiate an OTR chat now, I'm not asked for any authentication from
> the private keys.  What happens if a trusted user's laptop gets
> stolen, or his workstation gets compromised?  Can't the
> intruder/untrusted user start a trusted/verfied OTR chat session?

Yes. One could add a passphrase to encrypt/decrypt those files at
startup, giving the victim some more time to tell their friends
about ditching the keys.

Paul



More information about the OTR-users mailing list