OTR in Pidgin?
Ian Goldberg
iang at cs.uwaterloo.ca
Thu Jan 15 07:16:29 EST 2009
On Thu, Jan 15, 2009 at 07:10:32AM -0500, Ian Goldberg wrote:
> On Wed, Jan 14, 2009 at 07:29:02PM -0800, Jeff Connelly wrote:
> > On Tue, Jan 13, 2009 at 6:22 PM, Casey Ho <pidgin at caseyho.com> wrote:
> > >
> > > From a cryptography standpoint, OTR appears to be the best solution
> > > available. Pidgin-encryption does not offer a mechanism for secure
> > > key exchange, whereas OTR uses Diffie-Hellman. Pidgin-Paranoia uses
> > > one-time pads, which have historically been vulnerable because no
> > > computer can be truly random.
> >
> > It is relatively easy to build a true (hardware) random number generator to
> > create one-time pads: http://imotp.sourceforge.net/noise.pdf
> >
> > Of course, the average user won't do this, but for the greatest security, it
> > is IMHO the best option.
>
> One-time pads are the best option? You're kidding, right? How do you
> propose to share the key material with all your buddies?
[Or did you mean "if you're going to use one-time pads, hardware random
number generation is your best option"? Yes, that's certainly true.]
- Ian