Re: Trillian SecureIM [Was: Re: Ancheta denied bail/bond ]

[James Eaton-Lee <james.mailing () gmail com>]

On Wed, 2005-11-09 at 18:58 -0700, Dude VanWinkle wrote:
> Is there anything wrong with http://GAIM-Encryption.sourceforge.net ?
>
> Thats all I use (after regenerating the key pair to 4096 that is
> [never broke encryption before, and I am not all that good at math, so
> I am not sure how effective of a deterrent this is])

My experiences with the gaim encryption have been less than favourable -
last time I used it (admittedly, at least a year ago), it got quite
confused as to whether or not the other participant in any given AIM
session actually had the gaim encryption plugin installed; after
coordinating a session with a friend (also with the same version of the
gaim encryption plugin installed), we got gaim encryption both to
recognose the other participant and to tell us it was encrypting our
traffic, and proceeded to discuss top secret business plans, pass bank
account details & social security numbers over the wire, etc etc.

Then I took a look at the traffic passing through my firewall, and it
was quite clearly plaintext. I haven't used it since. (I'm sure it's
gotten better - what I'm really saying is that last time I used it it
didn't seem reliable, and I'd be hazy about trusting it now).

 - James.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.