Comment Re:Still not too bad (Score 1) 215
gaim-encryption uses long lived keys for both authenticating and message encryption. This means all of your past conversations can be unencrypted if your key is compromised at any time, and someone has access to an encrypted record of your conversation.
OTR uses a long lived key for authentication, but it uses a key generation/exchange scheme for message encryption. There is no way that a compromise of your fingerprint key can lead to compromise of your conversations. THe keys for encrypting the conversation are discarded after the conversation, they arent left lying around on the computer so that a laptop thief can later acquire and break into them.
OTR is the scheme to use if you have are having vital conversations that must be kept secret. Gaim-encryption is fine for preventing casual eavesdropping, but a determined attacker could read your conversations, especially if physical access to the computer is a possibility. Given that both plugins function similarly and are about the same complexity to the user, why use the weaker one?
OTR uses a long lived key for authentication, but it uses a key generation/exchange scheme for message encryption. There is no way that a compromise of your fingerprint key can lead to compromise of your conversations. THe keys for encrypting the conversation are discarded after the conversation, they arent left lying around on the computer so that a laptop thief can later acquire and break into them.
OTR is the scheme to use if you have are having vital conversations that must be kept secret. Gaim-encryption is fine for preventing casual eavesdropping, but a determined attacker could read your conversations, especially if physical access to the computer is a possibility. Given that both plugins function similarly and are about the same complexity to the user, why use the weaker one?
