OTR in Pidgin?

Jeff Connelly shellreef at gmail.com
Wed Jan 14 22:29:02 EST 2009


On Tue, Jan 13, 2009 at 6:22 PM, Casey Ho <pidgin at caseyho.com> wrote:
>
> >From a cryptography standpoint, OTR appears to be the best solution
> available.  Pidgin-encryption does not offer a mechanism for secure
> key exchange, whereas OTR uses Diffie-Hellman.  Pidgin-Paranoia uses
> one time pads, which have historically been vulnerable because no
> computer can be truly random.

It is relatively easy to build a true (hardware) random number generator to
create one-time pads: http://imotp.sourceforge.net/noise.pdf

Of course, the average user won't do this, but for the greatest security, it
is IMHO the best option.

-Jeff
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://pidgin.im/pipermail/devel/attachments/20090114/afcd42ae/attachment.html>


More information about the Devel mailing list