[Pidgin] #15642: Chat and file encryption

[Pidgin]

#15642: Chat and file encryption
-------------------------+---------------------------
 Reporter:  CodeLurker   |       Owner:  EionRobb
     Type:  enhancement  |      Status:  new
Milestone:               |   Component:  unclassified
  Version:  2.10.7       |  Resolution:
 Keywords:               |
-------------------------+---------------------------

Comment (by CodeLurker):

 It seems to me that generating keys in a cloud ''decreases,'' not
 increases security; since private keys would be traveling over public
 networks.  The pidgin-encryption plugin can generate keys of 4096-bits in
 a not undue amount of time.  This is the level of encryption used by
 Snowden, and there was a report of only 37 documents out of perhaps
 hundreds of thousands of documents the NSA had been able to decrypt.  For
 now, it is pretty good privacy - no cloud needed.  There probably is no
 government holding keys to pidgin-encryption, as primes are generated
 locally when generating keys in a reasonable time; and the source is open.
 You could probably follow what they've done as a guide.  That is the
 nature of a trap-door function: computationally easy to go one way, and
 hard to go the other.

 Note: I would prefer that encryption not be limited to 4096 bits.

 I'm no cryptographic expert, but wouldn't 256-bit keys be more vulnerable
 to brute force trials?  With NSA having already been known to have
 backdoored one code they promoted, NSA-promoted codes such as AES should
 probably be treated with suspicion.  I don't know if sCrypt() can be
 better, but to my knowledge, RSA is still pretty good - if you use enough
 bits.  It is my understanding that you would need a 4096-bit quantum
 computer to break one in a timely manner - and those at least seem to be
 some ways off.

-- 
Ticket URL: <https://developer.pidgin.im/ticket/15642#comment:4>
Pidgin <http://pidgin.im>
Pidgin