Reaching out to others! Free & Open Source Software, Kannada, L10n, L18n Data Science, Cloud Computing & more…

Off-the-Record

linux, Security, Technical | 0 comments

Pidgin IM I use this for logging into all my messenger ID’s. Its an easy and convenient messenger tool. It does come with a rich set of plugins to enhance my chatting experience. It has been my favorite for years now. Pidgin was formally know as Gaim Messenger. You can talk to your friends using AIM, ICQ, Jabber/XMPP, MSN Messenger, Yahoo!, Bonjour, Gadu-Gadu, IRC, Novell GroupWise Messenger, QQ, Lotus Sametime, SILC, SIMPLE, MySpaceIM, and Zephyr. Its available as Adium on OS X.

I always wanted to use secure communication channels to interact with my colleagues , clients and also with friends as security has been the major concern. I needed something which provides me the private channel to communicate. There are many companies like yahoo etc providing enterprise communication messengers. But all I needed was a free solution to this along with my existing messenger.

I really did find one on the net.  Off-the-Record (OTR) Messaging. Which allows you to have encrypted private conversations with your favorite messengers.

These are the main features provided by OTR :

  • Encryption
  • Authentication
  • Deniability
  • Perfect forward secrecy

Implemented and tested on Pidgin, Trillion (Windows), Adium (OS X), mICQ for command line and many more. Its released under GPL.
Installing this plugin on Ubuntu is very easy :

sudo aptitude install pidgin-otr

Once the installation is over, just enable this plug-in from your pidgin’s plug-in list. You will find OTR on your IM windows once this is done. Usage is very simple, click on OTR button to start the private conversation. It requests the key from your buddy. Once you confirm that the key received by you is trusted, you can continue enjoying the off-the-record messaging. You can also secure it further by adding a pass phrase for the authentication.

You might be wondering, why I choose this when there is an another plugin for pdigin is available for encryption isn’t it?. pidgin-encryption does not provide deniability or perfect forward secrecy features.

This is from the FAQ on OTR website to provide you more details:

“If an attacker or a virus gets access to your machine, all of your past pidgin-encryption conversations are retroactively compromised. Further, since all of the messages are digitally signed, there is difficult-to-deny proof that you said what you did: not what we want for a supposedly private conversation! ”

IM securely with off-the-record. Ping me on fizworks (AIM id) if you want give it a try. I would be glad to help you.

Happy Private Messaging!

Related Articles

Related