[OTR-users] Question about the authenticated key exchange

Alex alex323 at gmail.com
Tue Oct 30 11:28:13 EDT 2012


Even if they choose an appropriate password, the server can just sniff
the password on the wire. That offers no security for the user. The
only way for it to be secure is to have the user store the private
keys on their own systems.

On Mon, Oct 29, 2012 at 11:44 PM, Viktor Stanchev <me at viktorstanchev.com> wrote:
> My plan is to assign everyone a key pair and store it on the server,
> protecting the private key with a password. (Yes, I know it can be attacked
> offline by the server. It will be up to the user to choose an appropriate
> password.)


