Yet another bug fix for OTR but this time in otr4j.jar...
Currently when an OTR session is established between two participants and
later on one of them decides to change PC, refreshing the old session
Because everything in this repo https://github.com/jitsi/libsrc is zipped
and the version of the jar in this repo
https://github.com/gpolitis/otr4j is newer, I cannot create a patch but
I'm sending you a diff. The only
change is a few lines of code in net.java.otr4j.session.SessionImpl
In Pidgin, if two participants are chatting under OTR and let's say
participant B changes PC and then sends a message to participant A, when
participant A receives the message he sees that it is unencrypted and he
tries to refresh the session automatically.
While in Jitsi participant A will just see a notification that the message
was received unencrypted and will not try to refresh the session.
Do you think it is better this way?
Extending the last mentioned scenario let's say that A and B refresh their
session after B has moved to PC2. They chat for a while and then for some
reason B decides to move back to PC1. If B did not end his first session
with A on PC1 (before even moving to PC2), then both A and B will be under
encrypted session but because B's session is old, their SessionKeys won't
This results in different MACs in their messages and the protocol fails.
If this scenario is observed (A sends msg to B but their MACs are
different) Pidgin will try to recover by refreshing the OTR session.
While in Jitsi the messages will be discarded and the users won't be able
to chat unless they refresh the otr session by hand.
Again, do you think it is better this way?
SessionImpl (2).java (22 KB)
SessionImpl.diff (398 Bytes)
SessionImpl.java (22.2 KB)
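
The stale-session case described in the message, as an added example that is not part of the original post and is not otr4j, Jitsi or Pidgin code: a receiver holding an old session key fails MAC verification and then either only discards the message or refreshes the session. `Endpoint`, `run_scenario` and the toy `mac_key` derivation are assumptions made for illustration, and the key exchange is replaced by both ends adopting one fresh random key.

```python
import hashlib
import hmac
import os


def mac_key(session_key: bytes) -> bytes:
    # Toy derivation (assumption); OTR's real key schedule is more involved.
    return hashlib.sha256(b"mac" + session_key).digest()


class Endpoint:
    def __init__(self, session_key: bytes, recover: bool):
        self.session_key = session_key
        self.recover = recover  # True: refresh on MAC failure, False: discard

    def send(self, body: bytes):
        tag = hmac.new(mac_key(self.session_key), body, hashlib.sha256).digest()
        return body, tag

    def receive(self, message, peer: "Endpoint") -> str:
        body, tag = message
        expected = hmac.new(mac_key(self.session_key), body, hashlib.sha256).digest()
        if hmac.compare_digest(tag, expected):  # constant-time comparison
            return "delivered"
        if not self.recover:
            return "discarded"
        # Stand-in for a new key exchange: both ends adopt one fresh key.
        self.session_key = peer.session_key = os.urandom(32)
        return "refreshed"


def run_scenario(recover: bool):
    old_key = os.urandom(32)          # session A <-> B on PC1, never ended
    a = Endpoint(old_key, recover)
    b_pc1 = Endpoint(old_key, recover)
    a.session_key = os.urandom(32)    # A refreshed with B on PC2 meanwhile
    # B is back on PC1 with the stale key; A sends two messages.
    return [b_pc1.receive(a.send(text), a) for text in (b"hi", b"still there?")]


if __name__ == "__main__":
    print("discard only:", run_scenario(recover=False))
    print("auto refresh:", run_scenario(recover=True))
```

In this sketch the message that triggers the refresh is not delivered and would have to be resent once the new session is up.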