Feature #3653
Allow the use of a Forgetfulness Server
| Status: | New | Start date: | 08/15/2014 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: | hans | % Done: | 0% | |
| Category: | - | |||
| Target version: | - | |||
| Component: |
Description
A Forgetfulness Server remembers small key/value pairs in RAM and wipes
on request / after a timeout. Call this "forgettable data".
For example, in order to fulfill perfect-forward-secrecy (PFS) goals, the OTR session
state could be encrypted with a forgettable random password and then saved to disk.
The password would be wiped when the app comes back from sleep.
You could use multiple Forgetfulness Servers to reduce the chance of
collusion between the server operator and an attacker.