[OTR-users] pidgin-otr: passphrase private key and sign public keys

Julian Dibbelt jdibbelt at gmail.com
Wed Jul 9 05:36:04 EDT 2008


Hello,

On Wed, Jul 9, 2008 at 12:10 AM, Ian Goldberg <ian at cypherpunks.ca> wrote:
> I recommend using
> encrypted filesystems, swap, and backups; it's easy to set those up on
> most OSs by now.

That's not the same: OTR would only need to decrypt the private key
during initialization of each conversation. The encrypted file system
would be mounted (and thus be decrypted) all the time pidgin is
running. I know that that is not much of a difference in theory but it
adds up. It's about the effort an attacker has to make. Starting up vi
and editing otr.fingerprints while I am e.g. running for the door is
not the same as installing a key logger and hiding it from the process
list.

> Users have no reason to enter a pass phrase when using
> IM now,

Hmm, I do enter a password connecting to the IM server. And I don't let
pidgin "remember it" because as far as I know pidgin is missing a
master passphrase to protect my IM passwords.

Also in the CodeCon2005 presentation you compare yourself with pgp -
and with pgp I have to enter the pass phrase all the time because pgp
does encrypt the private key. It also signs my local ring of public
keys with my private key - so that I can be quite sure that they don't
get manipulated without me noticing.

> We want to be able to protect users even if they don't know OTR is
> installed.

What about users who have been using gpg plugins for IM and wanted to
switch to OTR? I know, I may fork OTR. ;)

> At least on Linux, one's .purple directory is
> unreadable to all except the user and root.  (I don't know what the
> Windows situation is.)

Ubuntu 8.04:
-rw-r--r--  1 jdibbelt jdibbelt   406 2008-07-09 10:41 otr.fingerprints
-rw-r--r--  1 jdibbelt jdibbelt  1984 2008-07-08 16:44 otr.private_key

But I guess that's the package maintainer's fault.

Overall, I get your point of view and I will stop nagging now.

- Julian
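As an added example, not part of the original thread: a small POSIX shell check for the permission problem the ls output above illustrates (otr.private_key and otr.fingerprints created as 0644, readable by every local account). It assumes GNU stat (Linux) and takes the .purple directory as an optional argument so it can be pointed at a test directory.

```shell
#!/bin/sh
# Added example, not from the original thread: audit the mode bits of the
# two files pidgin-otr keeps under ~/.purple. The thread shows them created
# as 0644; key material and the trusted-fingerprint list should be 0600 so
# that only the owner (and root) can read or edit them.

otr_files_too_open() {
    # Usage: otr_files_too_open [purple_dir]   (default: ~/.purple)
    # Prints one line per OTR file whose group/other bits grant any access
    # and the chmod that would fix it. Returns 0 when every file present is
    # owner-only, 1 when at least one is too open, 2 if stat fails.
    dir="${1:-$HOME/.purple}"
    bad=0
    for name in otr.private_key otr.fingerprints; do
        f="$dir/$name"
        [ -e "$f" ] || continue
        # GNU coreutils: %a prints the octal mode, e.g. 644 or 600.
        mode=$(stat -c '%a' "$f") || return 2
        # Keep only the last two octal digits (group and other).
        go=$(printf '%s' "$mode" | sed 's/.*\(..\)$/\1/')
        if [ "$go" != "00" ]; then
            printf '%s is mode %s; expected 0600 (fix: chmod 600 %s)\n' \
                "$f" "$mode" "$f"
            bad=1
        fi
    done
    return "$bad"
}
```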
