[OTR-users] OTR mentioned in Snowden documents?
Chris Ballinger
chrisballinger at gmail.com
Fri Sep 6 13:30:20 EDT 2013
What are the main disadvantages to an NDK build of libotr / libgcrypt? The
main issue seems that you need to include binaries for multiple
architectures that can increase app size significantly. However having two
actively maintained implementations could be good for diversity.
On Fri, Sep 6, 2013 at 10:02 AM, Nathan of Guardian <
nathan at guardianproject.info> wrote:
> On 09/06/2013 12:40 PM, Mike Minor wrote:
> > I thought I might poke some discussion as to where the weaknesses might
> be in an OTR implementation where you are using the currently known best
> practices (verifying fingerprints, etc)
> Excellent point, and true that if there were mass MITM on OTR sessions,
> those of us who do verify would notice.
>
> One fear I have had has been around OTR4J (which we use in Gibberbot,
> and others like Jitsi do as well) and our dependency on BouncyCastle
> libraries, and Java, as well for that.
>
> With the recent weakness found in the Android PRNG, I fear there may be
> other "oops" bugs, either intentional or not, somewhere in that stack.
>
> +n
> _______________________________________________
> OTR-users mailing list
> OTR-users at lists.cypherpunks.ca
> http://lists.cypherpunks.ca/mailman/listinfo/otr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cypherpunks.ca/pipermail/otr-users/attachments/20130906/dca6c08b/attachment.html>
More information about the OTR-users
mailing list