Tom Ritter <[email protected]> writes: > That said... TextSecure and whatever app you're writing probably > _also_ stores the plaintext messages as a history that can be scrolled > through. TS is still protected by a password, but in general, my order > of importance of OTR secrets is: long term key material allowing > impersonation, plaintext chats, session keys. What's the concern about > storing session keys if either the plaintext or the long term key is > stored accessible?
Normally, turning on OTR disables logging. The long-term key allows impersonation starting from the time of compromise. Compromising stored past keys allows decrypting of past traffic. Which is worse depends on the person, of course, but it's not a simple total ordering for all people.
pgpvLW2DLRO99.pgp
Description: PGP signature
_______________________________________________ OTR-dev mailing list [email protected] http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
