1. 21 Mar, 2014 1 commit
  2. 17 Mar, 2014 1 commit
  3. 09 Mar, 2014 2 commits
  4. 05 Mar, 2014 4 commits
  5. 04 Mar, 2014 2 commits
  6. 28 Feb, 2014 1 commit
  7. 22 Feb, 2014 3 commits
  8. 24 Feb, 2014 1 commit
  9. 21 Feb, 2014 1 commit
  10. 12 Feb, 2014 11 commits
  11. 11 Feb, 2014 5 commits
  12. 31 Jan, 2014 3 commits
    • JC Brand's avatar
      d0f023db
    • JC Brand's avatar
      5406df1b
    • JC Brand's avatar
      Bugfix. Updates #111 · 8232cdaf
      JC Brand authored
      When using OTR with prebind, the user password isn't defined.
      =============================================================
      
      When not using prebind, the user password is used to encrypt the private key
      for the OTR session before it's saved in session storage.
      
      When using prebind, we ideally want to use the same OTR private key across page
      loads, so that we don't have to spend the time generating a new one together
      with AKE on every page load. To do this, we need to store it somewhere, like
      the browser's session storage.
      
      However, I have yet to find a secure way to store the OTR private key that does
      not expose it to maliciously injected javascript.
      
      For now, I've updated the code to generate a new private key and do the AKE
      with every page reload.
      
      I'm considering adding code to store the private key in Session Storage and
      letting the user explicitly enable this (while making them aware of the risks
      involved).
      8232cdaf
  13. 30 Jan, 2014 2 commits
  14. 28 Jan, 2014 2 commits
  15. 29 Jan, 2014 1 commit