51e8 OTR - Telecomix Crypto Munitions Bureau


From Telecomix Crypto Munitions Bureau

Jump to: navigation, search

[edit] What is OTR encryption?

Off-the-Record Messaging, commonly referred to as OTR, is a cryptographic protocol that provides strong encryption for instant messaging conversations. OTR uses a combination of the AES symmetric-key algorithm, the Diffie–Hellman key exchange, and the SHA-1 hash function. In addition to authentication and encryption, OTR provides forward secrecy and malleable encryption.

Limitations:Due to limitations of the protocol, OTR does not support multi-user group chat as of 2009 or encrypted file transfers, but these may be implemented in the future. Support for encrypted audio or video is not planned.


[edit] Encrypted Chat with OTR

There are many ways to encrypt communications over the internet. The focus here will be on encrypting some of the more common chatting protocols (AIM, Googletalk, Skype Chat, etc) with OTR encryption.

[edit] Pidgin

Pidgin (formerly named Gaim) is an open-source multi-platform instant messaging client. Pidgin supports many major chat protocols, i.e., AIM, GTalk, MSN, Yahoo, Jabber, Facebook, XMPP, IRC, ICQ etc.

Pidgin works nicely with OTR and they are easy to install on both Linux and Windows. Using Pidgin, you can install the Pidgin OTR plugin and chat the way your normally would. You have the option of letting Pidgin automatically switch to encrypted chat or to keep encryption off until you need it.

Installation on Windows: You will need to download and install Pidgin for Windows and the OTR Pidgin Windows Installer.

Installation on Linux: You can download the source tarballs from thePidgin website and the OTR download page. Pidgin and the OTR plugin are available in most Linux distribution repositories. For Ubuntu users, these packages are in the universe repository. You need to install pidgin and pidgin-otr. You can install these packages using apt by typing the following into terminal:

:~$ sudo apt-get install pidgin pidgin-otr

You might also want pidgin-extprefs, an extended preferences plugin, and pidgin-skype, a plugin for using skype.

Pidgin OTR Configurations

After Pidgin and the OTR plugin are installed, start Pidgin and add the accounts you wish to chat with. Next go to Pidgin's Plugin Preferences by clicking Tools>Plugins, accessible in the main Pidgin application window. In the pop-up window, scroll down to Off The Record Messaging and check the box to enable OTR.

Note: when first initiating a private conversation with someone else, you both need to click on the 'Not Private' box in the chat window to start a private conversation and Authenticate as buddies. To authenticate, click on the unverified box in the chat window and then click Authenticate Buddy. There will be a drop down asking how would you like to authenticate your buddy. There are a few choices but the easiest way to authenticate is by choosing Manual fingerprint identification, then click Authenticate. You and the person you are chatting with should now see Private above the text field in the chat window. That is it.

You are now chatting with end-to-end encryption. You can click on Private to end the privacy or leave it on, close the window, and the next time you chat with that person it will automatically start in Private mode. You and your friends will see normal text but Facebook and Google will see something like the following:


Note: Pidgin logs unencrypted chats on your computer. To turn logging off for OTR only, go into Pidgin's Plugin Preferences, Tools>Plugins, highlight the Off The Record Messaging Plugin and select Configure Plugin. Then check the Don't log OTR Conversations box and close.

[edit] OTR for iOS on the IPhone and IPod Touch

The ChatSecure iOS app is an open-source encrypted messaging application that uses Cypherpunks' Off-the-Record protocol to secure a communication channel over XMPP (Google Talk, Jabber, etc) or Oscar (AIM). This is currently the only Chatting program that we know about for iOS. We are currently testing this and any additional instructions or opinions will be added later.

[edit] irssi

why would anyone want to use anything but irssi? ;)

download irssi-plugin-otr or something like that (if using debian/ubuntu) and then add "LOAD otr" to ~/.irssi/startup, alternatively type "/load otr" in the terminal.

Then make a cipher key... the info how to do stuff is below:

[edit] Halp

/otr genkey nick@irc.server.com
    Manually generate a key for the given account(also done on demand)
/otr auth [<nick>@<server>] <secret>
    Initiate or respond to an authentication challenge
/otr authabort [<nick>@<server>]
    Abort any ongoing authentication
/otr trust [<nick>@<server>]
    Trust the fingerprint of the user in the current window.
    You should only do this after comparing fingerprints over a secure line
/otr debug
    Switch debug mode on/off
/otr contexts
    List all OTR contexts along with their fingerprints and status
/otr finish [<nick>@<server>]
    Finish an OTR conversation
/otr version
    Display irc-otr version. Might be a git commit
    Comma-separated list of "<nick>@<server> <policy>" pairs. See comments
    Same syntax as otr_policy. Only applied where a fingerprint is
    Conversations with nicks that match this regular expression completely
    bypass libotr. It is very unlikely that you need to touch this setting,
    just use the OTR policy never to prevent OTR sessions with some nicks.
    If true running OTR sessions are finished on /unload and /quit.
    If true queries are automatically created for OTR log messages.

[edit] Moar info

Personal tools