[OTR-users] protecting the key
Kate Krauss
katie at critpath.org
Wed Nov 9 11:38:27 EST 2011
One more thought--I think that this list is searchable on Google, which isn't the best situation for people seeking internet security. I found posts from me when I googled myself last year. They came up on a person finder web site.
On Nov 9, 2011, at 10:47 AM, Greg Reagle wrote:
> Greetings and salutations.
>
> I have already searched http://www.cypherpunks.ca/otr/otr-codecon.pdf and http://www.cypherpunks.ca/otr/index.php#faqs for the answer to my questions. If they are answered in some other document, please point me to it, and excuse me.
>
> I am using:
> $ COLUMNS=100 dpkg -l "*pidgin*" "*purple*"
> ||/ Name Version
> +++-===================-===================-
> ii libpurple-bin 1:2.6.6-1ubuntu4.3
> ii libpurple0 1:2.6.6-1ubuntu4.3
> ii pidgin 1:2.6.6-1ubuntu4.3
> ii pidgin-data 1:2.6.6-1ubuntu4.3
> ii pidgin-libnotify 0.14-1ubuntu14
> ii pidgin-otr 3.2.0-5
>
> My private key appears to be stored on my filesystem in~/.purple/otr.private_key, unencrypted.
>
> (1) Is my private key, in fact, stored unencrypted?
> (2) If yes, I suppose this is a major security weakness. What are the security ramifications of this?
> (3) Are there any plans to remedy?
>
> Thanks!
>
> --
> Greg Reagle
> System Administrator
> Center for Economic and Policy Research
> reagle at cepr.net
> http://www.cepr.net/
> _______________________________________________
> OTR-users mailing list
> OTR-users at lists.cypherpunks.ca
> http://lists.cypherpunks.ca/mailman/listinfo/otr-users
More information about the OTR-users
mailing list