On Sep 12, 2013, at 10:21 AM, The Doctor <dr...@virtadpt.net> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 09/10/2013 11:16 PM, Paul Wouters wrote: > >> Perhaps the NSA counts Mannings OTRed logged conversastions as >> "broken into"? :) > > What about a vulnerability in the IM client (not the OTR plugin) that > allows an attacker to grab messages post-decryption or pre-encryption > (ala Skype surveillanceware)? That would neatly evade the crypto > while allowing access to the plaintext. >
What sparked my interest was an info-graphic by the NYT detailing NSA successes per NSA documents that stated: "Encrypted chat - Available with chat programs like Adium or with software added to programs like AOL Instant Messenger, providing 'end to end' encryption, in which the data cannot be decrypted at any point along the transfer (even by the messaging service)." Granted, this is a bad game of telephone. I read the above to mean OTR and not a specific client. _______________________________________________ OTR-users mailing list OTR-users@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-users
