support for otr ratcheting (async communication)

arlolra / otr

Off-the-Record Messaging Protocol implemented in JavaScript

https://arlolra.github.io/otr/

Mozilla Public License 2.0

458 stars 61 forks source link

support for otr ratcheting (async communication) #54

Closed timkuijsten closed 10 years ago

timkuijsten commented 10 years ago

I was wondering if it's possible, and if yes, if there are any plans to support Axolotl Ratchet. I think async apps like LoquiIM can greatly benefit from this. It's also being used (and sort of invented) by TextSecure.

arlolra commented 10 years ago

The purpose of this library to provide a spec compliant JavaScript OTR library. OTR already has ratcheting for future secrecy, which the Axolotl ratchet is trying to improve upon.

If LoquiIM is an asynchronous application, maybe moving from OTR to the TextSecure protocol better suits their needs.

I'm all for seeing a JavaScript implementation of the TextSecure protocol (including the Axolotl ratchet), but that doesn't seem like it belongs in this library.

timkuijsten commented 10 years ago

Thanks for the reply. Just fyi, it looks like the guys from WhisperSystems / TextSecure are working on a js based implementation: https://github.com/WhisperSystems/TextSecure-Browser.

arlolra commented 10 years ago

Yup, but that's a Chrome extension doing crypto in C (see curve25519-donna) ... a good start at least.

timkuijsten commented 10 years ago

What about https://github.com/WhisperSystems/TextSecure-Browser/blob/master/js/crypto.js?

arlolra commented 10 years ago

It looks like some symmetric operations are done in pure JS as polyfills to the Web Crypto API but ECDHE is done using Google Native Client, https://github.com/WhisperSystems/TextSecure-Browser/tree/master/pnacl/Release