[OTR-users] protecting the key
Greg Reagle
reagle at cepr.net
Wed Nov 9 10:47:11 EST 2011
Greetings and salutations.
I have already searched http://www.cypherpunks.ca/otr/otr-codecon.pdf and http://www.cypherpunks.ca/otr/index.php#faqs for the answer to my questions. If they are answered in some other document, please point me to it, and excuse me.
I am using:
$ COLUMNS=100 dpkg -l "*pidgin*" "*purple*"
||/ Name Version
+++-===================-===================-
ii libpurple-bin 1:2.6.6-1ubuntu4.3
ii libpurple0 1:2.6.6-1ubuntu4.3
ii pidgin 1:2.6.6-1ubuntu4.3
ii pidgin-data 1:2.6.6-1ubuntu4.3
ii pidgin-libnotify 0.14-1ubuntu14
ii pidgin-otr 3.2.0-5
My private key appears to be stored on my filesystem in~/.purple/otr.private_key, unencrypted.
(1) Is my private key, in fact, stored unencrypted?
(2) If yes, I suppose this is a major security weakness. What are the security ramifications of this?
(3) Are there any plans to remedy?
Thanks!
--
Greg Reagle
System Administrator
Center for Economic and Policy Research
reagle at cepr.net
http://www.cepr.net/
More information about the OTR-users
mailing list