[liberationtech] Using Gajim Instead of Pidgin for More Secure OTR Chat

[Gregory Maxwell]

On Wed, Feb 20, 2013 at 10:27 PM, Micah Lee <micahflee at riseup.net> wrote:
> I just wrote a blog post that people here might find interesting about
> using Gajim, a chat client written in python, and Gajim's OTR plugin, a
> purely python implementation of the OTR standard, instead of Pidgin and
> libotr.

Uh. Writing something in python does not make it magically secure. It
often trades one set of security issues for another— in higher level
languages programmers often have no idea what the underlying machine
is doing, and surprising behavior can easily slip in. E.g. I've seen
programs python programs that could be triggered to run arbitrary
commands on the system, for example, because some library they called
n levels deep passed arguments to an os.system().  The mistakes you
need to avoid to write secure C code are more easily made but there
are generally fewer ways to fail.

Personally, I run pidgin in a selinux sandbox in a KVM that I use for
other internet access. I'd like to also run it inside valgrind
modified to exit on error, but pidgin is thoroughly and depressingly
valgrind unclean and with all the white-listing required I'm not sure
how much marginal value that would provide (and Openssl itself for
that matter, though for stupid reasons).

Perhaps Gajim is an improvement of pidgin, but the criteria for that
is auditing and experience— not the language its written in.