On 08/11/2014 11:10 PM, Paul Wouters wrote: > > Could a user that goes offline perhaps generate a new session key > that would be terminated as soon both users are online again?
You could use the shared "extra symmetric key"[0] as your offline message key, and save that in RAM only. If you use a very simple Service that uses only a small amount of memory, then it should not be killed or wiped, unless the user reboots the device. This isn't 100% the same but, our CacheWord library for Android does something along these lines - a dedicated service for just holding sensitive, unencrypted keys in memory: https://github.com/guardianproject/cacheword +n [0] https://otr.cypherpunks.ca/Protocol-v3-4.0.0.html _______________________________________________ OTR-dev mailing list [email protected] http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
