[Pidgin] #15642: Chat and file encryption

Pidgin trac at pidgin.im
Sat May 25 05:39:00 EDT 2013 

#15642: Chat and file encryption
-------------------------+--------------------------
 Reporter:  CodeLurker   |      Owner:  rekkanoryo
     Type:  enhancement  |     Status:  new
Milestone:               |  Component:  unclassified
  Version:  2.10.7       |   Keywords:
-------------------------+--------------------------
 I notice that encryption has been supported in a plugin:

 [http://sourceforge.net/projects/pidgin-encrypt/]

 However, in spite of numerous bug reports and feature requests, only one
 ticket has ever been closed, and that one on 2005-06-11.  Its last update
 was on 2010-11-09.  By contrast, Pidgin itself enjoys an active
 development community.  Since the plugin uses the Mozilla Network Security
 Services:

 [http://www.mozilla.org/projects/security/pki/nss/]

 the underlying cryptographic source gets constantly updated, possibly
 addressing any weaknesses, but the last update of the plugin was
 2010-11-09.

 With government not needing court approval to do virtually anything these
 days, we cannot rely on governments to uphold our right from unreasonable
 searches of our electronic communications.  Yet, the need for privacy is
 entirely legitimate in many cases, including those of whistle-blowers,
 communication of sensitive personal medical information, and victims of
 crimes.

 The Off The Record plugin has a complex protocol, but the largest numbers
 it deals with in the following description

 [http://www.cypherpunks.ca/otr/Protocol-v3-4.0.0.html]

 are 320 bits.  Admittedly, I am not conversant with cryptography on a
 functional level, but that doesn't seem like relatively many bits to me;
 whereas I would point out that the largest RSA product of primes publicly
 known to have been factored is currently a 768 bit number:

 [http://eprint.iacr.org/2010/006.pdf]
 [http://en.wikipedia.org/wiki/RSA_numbers]

 The cryptographic plugin supports RSA key sizes (product of two primes, I
 believe) up to 4096-bits.

 I propose that if such an important feature as electronic communication
 privacy is included in Pidgin's main program, it is likely to be more
 well-maintained than in a plugin; and hopefully, it can also add long
 overdue encryption of files too - a feature which is not yet supported in
 Pidgin.  Since the source is readily available, you shouldn't have to
 reinvent the wheel in order to implement this; only use what they've done
 as a guide.

-- 
Ticket URL: <https://developer.pidgin.im/ticket/15642>
Pidgin <http://pidgin.im>
Pidgin

More information about the Tracker mailing list