[OTR-users] OTR and CHAT question
Paul Wouters
paul at cypherpunks.ca
Fri Jan 26 16:49:01 EST 2007
On Thu, 25 Jan 2007, Jiann-Ming Su wrote:
> How do you protect the OTR keys from unauthorized use? When I
> initiate an OTR chat now, I'm not asked for any authentication from
> the private keys. What happens if a trusted user's laptop gets
> stolen, or his workstation gets compromised? Can't the
> intruder/untrusted user start a trusted/verfied OTR chat session?
Yes. One could add a passphrase to encrypt/decrypt those files at
startup, giving the victim some more time to tell their friends
about ditching the keys.
Paul
More information about the OTR-users
mailing list