[OTR-users] OTR mentioned in Snowden documents?
Paul Wouters
paul at cypherpunks.ca
Thu Sep 12 14:00:52 EDT 2013
On Thu, 12 Sep 2013, Nathan of Guardian wrote:
>> What about a vulnerability in the IM client (not the OTR plugin)
>> that allows an attacker to grab messages post-decryption or
>> pre-encryption (ala Skype surveillanceware)?
>
> Or as has been already pointed out perhaps, a vulnerability in the
> PRNG that generates the key in the first place:
>
> http://android-developers.blogspot.com/2013/08/some-securerandom-thoughts.html
I hope OTR clients on Android would detect the bad RNG class and warn
the user. Once fixed (if) hopefully detect and tell the user to cycle
keys.
Paul
More information about the OTR-users
mailing list