Is the OpenPGP model still useful?

Marcio B. Jr. marcio.barbado at
Wed Jul 6 19:28:55 CEST 2011

resuming this thread because I'm studying encryption options for KDE's
Kopete IM client.

So far, OTR adoption seems unjustifiable, really. I mean, it uses the
Diffie-Hellman key exchange method with block ciphers.

As of what I got from your (Robert) explanation plus some preliminary
conclusions of my studies, making use of asymmetric algos with OpenPGP
would be more coherent and secure, mathematically. Is it correct?


On Fri, Apr 29, 2011 at 10:12 AM, Robert J. Hansen <rjh at> wrote:
> On 4/28/11 11:05 AM, Michel Messerschmidt wrote:
>> Sounds very much like Off-the-Record messaging for every kind of
>> communication. Or is there a difference I have missed?
> The barrier to usage is still high with OTR: users still have to
> authenticate, and you can get horrible sync issues.  Plus, let's not
> forget the wacky hijinks that occur if you're logged into IM from two
> places at once -- although this is explicitly supported by some IM
> protocols (Jabber), with OTR it causes no end of troubles.
> The thought experiment here -- it's not a real proposal -- is, "what
> would happen if we discarded authentication entirely, and went purely
> for a require-brute-force approach to discover the random session key?"
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at

Marcio Barbado, Jr.

More information about the Gnupg-users mailing list