[OTR-users] pidgin-otr: passphrase private key and sign public keys

Ian Goldberg ian at cypherpunks.ca
Tue Jul 8 18:10:18 EDT 2008


On Tue, Jul 08, 2008 at 08:24:03PM +0200, Julian Dibbelt wrote:
> Hi there,
> 
> I just recently installed OTR via the pidgin plugin but quickly
> realized that neither is my private key stored encrypted on the disk
> nor has the list of public keys of my friends been signed with my
> private key.
> 
> Is that just missing from pidgin-otr? Is that feature on the roadmap?

It is missing from pidgin-otr, though it was never really meant to be
there.  OTR aims to protect the network part of your conversation; there
are other products to protect your local machine.  I recommend using
encrypted filesystems, swap, and backups; it's easy to set those up on
most OSs by now.

The biggest problem with encrypting the private key file is that you'd
have to ask for a pass phrase at pidgin startup, which is bad from a UI
point of view.  Users have no reason to enter a pass phrase when using
IM now, so they shouldn't need one just because they happen to be using
OTR.  We want to be able to protect users even if they don't know OTR is
installed.

As was pointed out, if someone does get access to those otr files,
they can't use them to decrypt messages.  They can only use them to
impersonate you to your buddy (or vice versa), but that's admittedly
nontrivial.

Of course, if someone has root access to your local machine so that they
can read those files in the first place, you have bigger problems OTR
can't help you with.  At least on Linux, one's .purple directory is
unreadable to all except the user and root.  (I don't know what the
Windows situation is.)  The permissions of .purple are just like
/etc/shadow you mention.  In this way, OTR gets the same protection
pidgin already offers, with no extra UI intervention, which is as it
should be.

   - Ian



More information about the OTR-users mailing list