[OTR-users] Offline messaging and file transfer

[Daniel Perelman]

On Fri, Sep 23, 2011 at 06:07,  <karolas at mail.md> wrote:
> Hi. I have some questions, can anyone help?
>
> 1- How to safely use the Pidgin OTR plugin to work with pounces and the
> Offline Message Emulation plugin (which saves offline messages as pounces)?
> I have the impression that the messages may go through automatically when
> the two are connected, but sometimes at the start, when you restart Pidgin
> for example, the conversation begins at "Not private" and the user has to
> click "Begin private conversation". But the pounces will have already been
> sent by them.

You are correct that the message could be sent without encryption but
I suspect that if you select "require private messaging" it will
encrypt. You would have to test, though.

>
> 2- Are file transfers encrypted by the OTR plugin?

No.

>
> 3- How often do I have to authenticate the other person? Here is an extreme
> scenario, but if the other person's computer get stolen, fingerprint won't
> change and authentication will stay too. Is the habit of authenticating the
> user every day, even if not asked by the plugin, too much?

I guess it depends on how paranoid you are.

I generally assume I would find out if one of my friend's computers
had been stolen, so I only authenticate once (actually, I don't even
always bother to authenticate and just have unverified conversations
with some people... although I don't trust such links for, say,
sharing SSH public keys).

Also, a computer being stolen is less of an issue for your encryption
keys if you use an encrypted home directory or full-disk encryption,
so a thief would still have to guess your password in order to get at
your encryption keys.

>
> Thanks.
>
> _______________________________________________
> OTR-users mailing list
> OTR-users at lists.cypherpunks.ca
> http://lists.cypherpunks.ca/mailman/listinfo/otr-users
>
>

  - Daniel