[OTR-users] Question about the authenticated key exchange

Justin Ferguson jnferguson at gmail.com
Tue Oct 30 11:56:39 EDT 2012


> The only way for it to be secure is to have the user store the private
> keys on their own systems.

This.

Moreover, why even leave the attack surface? I assume the intention is to
evade warrants, NSLs, etc., and less concern about the admin itself, so why
even leave a bunch of private keys lying around for LEO?

> On Mon, Oct 29, 2012 at 11:44 PM, Viktor Stanchev <me at viktorstanchev.com> wrote:
> > My plan is to assign everyone a key pair and store it on the server,
> > protecting the private key with a password. (Yes, I know it can be attacked
> > offline by the server. It will be up to the user to choose an appropriate
> > password.)