[OTR-users] History Encryption

Ian Goldberg ian at cypherpunks.ca
Wed Jul 15 13:20:16 EDT 2009


On Wed, Jul 15, 2009 at 05:37:36PM +0100, Brian Morrison wrote:
> Tim Clark wrote:
> > 
> > Using the Pidgin OTR plugin for windows, is chat history encrypted?
> 
> No, it isn't
> 
> > 
> > (i understand this might be off topic for this list) If not, any suggestions on how to encrypt chat history in pidgin?
> 
> If you want the security and plausible deniability aspects of Pidgin
> then keeping a log of what was said is not a great solution.

Note that there's the "don't log OTR conversations" config option to
help you not keep logs.

> If you accept that the deniability would be lost then you can protect
> the logs using an encryption program such as GnuPG.

Technically, plaintext logs are still deniable, since anyone could have
edited your log file to say anything.  But you lose confidentiality,
which is much worse.  Encrypted log files can be made deniable if
they're public-key encrypted to your key, but you still lose
authenticity in that case.

   - Ian



More information about the OTR-users mailing list