OTR in Pidgin?
Ian Goldberg
iang at cs.uwaterloo.ca
Thu Jan 15 07:10:32 EST 2009
On Wed, Jan 14, 2009 at 07:29:02PM -0800, Jeff Connelly wrote:
> On Tue, Jan 13, 2009 at 6:22 PM, Casey Ho <pidgin at caseyho.com> wrote:
> >
> > >From a cryptography standpoint, OTR appears to be the best solution
> > available. Pidgin-encryption does not offer a mechanism for secure
> > key exchange, whereas OTR uses Diffie-Hellman. Pidgin-Paranoia uses
> > one time pads, which have historically been vulnerable because no
> > computer can be truly random.
>
> It is relatively easy to build a true (hardware) random number generator to
> create one-time pads: http://imotp.sourceforge.net/noise.pdf
>
> Of course, the average user won't do this, but for the greatest security, it
> is IMHO the best option.
One-time pads are the best option? You're kidding, right? How do you
propose to share the key material with all your buddies?
- Ian
More information about the Devel
mailing list