First message is sent unencrypted
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
pidgin-otr (Ubuntu) | Confirmed | Undecided | Unassigned | | |
Bug Description
Binary package hint: pidgin-otr
A friend I communicate with encrypted regularly uses multiple computers running Ubuntu 11.04 and Ubuntu 10.04 with Pidgin and its OTR plugin on them (all packages are installed from official Ubuntu package repositories) and different OTR keys on these computers. I use bitlbee and bitlbee-otr on Ubuntu 11.04 on a single computer when communicating with him.
When he sends me an encrypted message, then takes a break for several hours (not sure whether this is required to trigger this behaviour), then changes computers (not sure whether this is required to trigger this behaviour), then sends me another message, I receive this first message unencrypted. Bitlbee/
<root> otr: The following message received from [friends' XMPP account] was not encrypted: [[unencrypted message]]
This has happened several times now. Either the timing factor (session timeout) or the multiple OTR keys factor seems to trigger it - this is difficult to diagnose.
This may be a bug in pidgin-otr or in libotr itself.
Possibly related:
https:/
http://
visibility: private → public
description: updated
I'm removing the classification as a security vulnerability, because the expected behavior currently for OTR sessions is that they'll be either manually initiated or automatically initiated once a client detects that a chat partner is also OTR-capable.
This is a feature request, but one that I doubt will be implemented on any client, since OTR is all in-band, and it would require sending a message that non-OTR'd clients would see bare.
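
A receive-side check for the situation in this report, as an added example that is not part of the original bug thread and is not libotr or bitlbee-otr code: it classifies incoming message bodies by their OTR wire markers and flags plaintext from a contact that has previously sent OTR-encoded messages. The `Receiver` class, its return labels and the sample traffic are constructed for illustration.

```python
import re

# Simplified, constructed model of receive-side handling; not libotr or bitlbee-otr code.
WS_TAG = "\x20\x09\x20\x20\x09\x09\x09\x09\x20\x09\x20\x09\x20\x09\x20\x20"  # OTR whitespace tag base
OTR_ENCODED = re.compile(r"^\?OTR[:,|]")              # data/AKE message or fragment
OTR_QUERY = re.compile(r"\?OTR(\?|\??v[0-9a-z]*\?)")  # e.g. ?OTR?  ?OTRv2?  ?OTR?v2?


def classify(body):
    """Return the wire-level kind of an incoming message body."""
    if body.startswith("?OTR Error:"):
        return "error"
    if OTR_ENCODED.match(body):
        return "encoded"
    if OTR_QUERY.search(body):
        return "query"
    if WS_TAG in body:
        return "tagged-plaintext"   # plaintext that advertises OTR support
    return "plaintext"


class Receiver:
    """Tracks which contacts have used OTR and flags later plaintext from them."""

    def __init__(self):
        self.seen_encrypted = set()

    def handle(self, sender, body):
        kind = classify(body)
        if kind == "encoded":
            self.seen_encrypted.add(sender)
            return "ok"
        if kind in ("plaintext", "tagged-plaintext"):
            if sender in self.seen_encrypted:
                return "warn-unencrypted"   # surface to the user, as bitlbee did
            return "plaintext-no-history"
        return kind  # query/error: protocol control, nothing to display


# Constructed sample traffic: one account, two devices with separate OTR state.
SAMPLE = [
    ("friend@example.org", "?OTR:AAIDconstructedpayload."),
    ("friend@example.org", "back on my other laptop" + WS_TAG),
    ("friend@example.org", "?OTRv2?"),
]

if __name__ == "__main__":
    rx = Receiver()
    for sender, body in SAMPLE:
        print(sender, "->", rx.handle(sender, body))
```

The second sample message is the case from the report: the sender's new device has no session yet, so its first message arrives as plaintext even though the account has used OTR before.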