Here we list all the assumptions and caveats from a security perspective for the code in OTR3.
- This code has not been audited, and there are no guarantees that it will fulfill the security properties of the OTR protocol.
- Zeroing
byteslices wipes the value from memory in the Golang VM. byteslices andbig.Intinstances are not likely to be copied to other places in memory by the Golang GC.- Assigning 0 to a
big.Intwipes the previous value from memory. - Modular exponentiation and other similar
big.Intoperations don't leak enough timing information to be useful for side channel attacks. (Or OTR provides enough blinding to counter act this). The libotr implementation uses MPIs from libgcrypt, that seem to be implemented in a similar manner tobig.Intoperations.