OTR in Pidgin?

Ian Goldberg iang at cs.uwaterloo.ca
Thu Jan 15 07:10:32 EST 2009

On Wed, Jan 14, 2009 at 07:29:02PM -0800, Jeff Connelly wrote:
> On Tue, Jan 13, 2009 at 6:22 PM, Casey Ho <pidgin at caseyho.com> wrote:
> >
> > >From a cryptography standpoint, OTR appears to be the best solution
> > available.  Pidgin-encryption does not offer a mechanism for secure
> > key exchange, whereas OTR uses Diffie-Hellman.  Pidgin-Paranoia uses
> > one time pads, which have historically been vulnerable because no
> > computer can be truly random.
> It is relatively easy to build a true (hardware) random number generator to
> create one-time pads: http://imotp.sourceforge.net/noise.pdf
> Of course, the average user won't do this, but for the greatest security, it
> is IMHO the best option.

One-time pads are the best option?  You're kidding, right?  How do you
propose to share the key material with all your buddies?

   - Ian

More information about the Devel mailing list