However, according to https://en.wikipedia.org/wiki/Perfect_forward_secrecy OTR does provide "perfect forward secrecy as well as deniable encryption". Doesn't that provide some protection against rubber-hose cryptanalysis?
No. As I understand it, the "deniable" in "deniable encryption" is that after the first handshake, there's no cryptographic proof that the messages sent originated from you. This is flimsy legal evidence, because there are more messages that originated from your Pidgin instance that are actually yours compared to those that are somehow fake, and nonexistent evidence when presented to someone who's already torturing you.
Perfect Forward Secrecy means that even if you want to you cannot decrypt old messages, since the keys used are ephemeral and destroyed at the end of the session.
> Perfect Forward Secrecy means that even if you want to you cannot decrypt old messages
Which means, if they're jailing you until you do decrypt the messages, you get jailed indefinitely. Contempt of court has very few limits in some circumstances, even compared to being imprisoned after being convicted of a crime:
> Which means, if they're jailing you until you do decrypt the messages, you get jailed indefinitely.
Maybe, but they wouldn't be waiting for you to do something for them. They would understand that there was nothing you could do to help them decrypt the messages. i.e. your encryption worked.
However, unless there is a legal requirement that you maintain the records in question, a documented habit of destroying them is almost certainly enough to get out of contempt of court for not producing them, absent some specific reason to believe you kept those special.
However, according to https://en.wikipedia.org/wiki/Perfect_forward_secrecy OTR does provide "perfect forward secrecy as well as deniable encryption". Doesn't that provide some protection against rubber-hose cryptanalysis?