[kopete-bugs] [Bug 274099] New: Kopete OTR leaks unencrypted messages

Thomas Damgaard thomasdn at gmail.com
Wed May 25 13:00:30 CEST 2011


https://bugs.kde.org/show_bug.cgi?id=274099

           Summary: Kopete OTR leaks unencrypted messages
           Product: kopete
           Version: SVN
          Platform: Ubuntu Packages
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: NOR
         Component: OTR Plugin
        AssignedTo: kopete-bugs at kde.org
        ReportedBy: thomasdn at gmail.com


Version:           SVN (using Devel) 
OS:                Linux

I use Kopete with the OTR (Off the Record) plugin enabled.
OTR is a cryptographic protocol that provides strong encryption for instant
messaging conversations. The primary motivation behind the protocol was
providing deniability for the conversation participants while keeping
conversations confidential, like a private conversation in real life, or off
the record in journalism sourcing.

I have set the OTR policy to Always, and so has the other party I am
communicating with. We both use Kubuntu 11.04 (but this was a problem in
earlier versions as well).

Even though we have set OTR to be used always, OTR leaks clear text messages.
This is extremely troublesome, since the purpose of the software is to keep
messages confidential.

This happens often with the first message sent/received in a conversation, but
also (seemingly) randomly during conversations.

Steps to reproduce:
 1: On computer A, start Kopete with OTR enabled on a Jabber account. Set OTR
    policy to Always.
 2: On computer B, start Kopete with OTR enabled on a Jabber account. Set OTR
    policy to Always.
 3: From A, start a conversation with the person on B.
 4: Notice warnings on the receiving chat window like this:

    (10:38:26) #
    The following message received from REMOVED at gmail.com was not encrypted:
    [HELLO]

 5: On the sending chat window:

    (10:45:16) #
    OTR Error: You sent encrypted data to REMOVED at gmail.com, who wasn't expecting
    it.

    (10:45:17) #
    OTR connection refreshed successfully.

    (10:45:17) #
    The last message to REMOVED at gmail.com was resent.

This only happens sometimes. I am not sure what exactly triggers this, but it
is a big problem.

One case that does seem to trigger it is if A starts a chat with B, then B
closes Kopete while A keeps the chat window open. B then starts Kopete and
writes to A. This will often result in B's message being sent unencrypted.

Reproducible: Didn't try
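
The restart case in the report, as an added example (not Kopete's or libotr's code): a minimal Python model of the send-side rule in the OTR protocol specification, where a context in the plaintext state with encryption required holds the message back and sends a Query Message instead. The `Session` class, its method names, `restart_scenario` and the ciphertext stand-in are assumptions for illustration; no real cryptography is performed.

```python
from enum import Enum

class MsgState(Enum):
    PLAINTEXT = "plaintext"
    ENCRYPTED = "encrypted"
    FINISHED = "finished"

QUERY = "?OTRv2?"  # OTR Query Message: asks the peer to begin a key exchange

class Session:
    """Hypothetical per-contact OTR context; policy 'Always' = require_encryption."""

    def __init__(self, require_encryption=True):
        self.require_encryption = require_encryption
        self.state = MsgState.PLAINTEXT  # a freshly started client has no session
        self.pending = []                # plaintext held back, never put on the wire

    def outgoing(self, text):
        """Return the frames that may go on the wire for this user message."""
        if self.state is MsgState.ENCRYPTED:
            # Stand-in for a real OTR Data Message (assumption, no crypto here).
            return ["?OTR:<ciphertext of %d bytes>" % len(text.encode())]
        if self.state is MsgState.FINISHED:
            # Peer ended the session: hold the message, send nothing.
            self.pending.append(text)
            return []
        if self.require_encryption:
            # Fail closed: queue the plaintext and request a key exchange.
            self.pending.append(text)
            return [QUERY]
        return [text]  # policy allows plaintext

    def key_exchange_done(self):
        """Enter the encrypted state and flush queued messages as ciphertext."""
        self.state = MsgState.ENCRYPTED
        queued, self.pending = self.pending, []
        return [frame for text in queued for frame in self.outgoing(text)]

def restart_scenario(message="HELLO"):
    """B restarts (new context, plaintext state) and writes to A under 'Always'."""
    b = Session(require_encryption=True)
    before = b.outgoing(message)      # what leaves B before any key exchange
    after = b.key_exchange_done()     # what leaves B once the session is up
    return before, after

if __name__ == "__main__":
    print(restart_scenario())
```

A client following this rule never emits the user's text while its own state is plaintext, so the "was not encrypted" warning seen on the receiving side indicates the sender bypassed the hold-and-query step.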
