Slashdot Mirror

http://en.wikipedia.org/wiki/Off-the-Record_Messaging

There are plug-ins available for it. OTR has some nice properties including the fact that messages are encrypted, but still deniable. What this means is an eavesdropper cannot read what you write, but at some later time an attacker with an unencrypted copy of the conversation cannot prove that you wrote it.

The goal of the project is to provide a level of security similar to meeting in a private place an d talking. Privacy without a paper trail.

http://www.cypherpunks.ca/otr/

I doubt it will be used to look for people breaking copyright.

In other news, here's some way to solve the issue:
* http://www.gnupg.org/
* http://www.cypherpunks.ca/otr/
* I feel bad for linking this but atleast they know their encryption: http://www.skype.com/

This is just another reason that people should be encrypting their chats with something like OTR so that not only can companies not filter anything but they also can't see the content of your IMs.

Let me add OTR messaging to the list.

Available for Pidgin (aka GAIM), Adium X, mICQ, Kopete, Miranda, Trillian and as a proxy for people that use other clients. Works on any IM network.

(I've been using it on GAIM for some time and I recommend it)

A practical application of this is at http://www.cypherpunks.ca/otr/ (with a plugin for a few common AIM application, most usefully for pidgin née gaim).

This one has an implementation called the "Socialist Millionaires Problem", which sounds the same, although I recall it being used only to tell if two secret values are the same on both side, thus augmenting the key exchange protocol with man-in-the-middle detection capabilities, provided the parties has shared knowledge about something (and something reasonably private).

With OTR built-in I can even send it via Google's servers.

Yup, e.g. Pidgin/Gaim have OTR available. I just use it by default. http://www.cypherpunks.ca/otr/

This program is free software; you can redistribute it and/or modify it under the terms of version 2 of the GNU General Public License as published by the Free Software Foundation.

So if you need privacy in a UK reveal-your-keys environment, you need a cryptosystem where you don't keep the encryption keys for a given session that they might have eavesdropped on. (They can still demand that you give them the keys for files you've saved on your disk drive, if they can find your disk drive, but you don't have to save incriminating files.) Diffie-Hellman is the standard crypto protocol for generating session keys, and you can reinforce it with signature keys if you want to be sure who you're talking to. It's used in IPSEC session setup, and there are other crypto applications that can use it.

Off-The-Record Messaging is Ian, Nikita, and Eric's protocol for an ephemeral-key session tool that can integrate with applications like Gaim. It has authentication built into it, so you can be sure that you're talking to the person you think you're talking to, but doesn't save message keys in a way that lets anybody decrypt messages later or prove who you were talking to. By contrast, PGP / GPG lets you encrypt email messages, but anybody who intercepts them can force you to decrypt them later, because the message key is fairly persistent (you might change it yearly, but you're not going to change it every day.)

Although a supporter of encryption, I fit mostly in the "dropped the ball" category. I do not use e-mail encryption in part because I do all of my e-mail through the GMail web client and I do not know of any way to use encryption with that. Hints welcome; nothing like digital signatures at the end of e-mails to get friends to ask about encryption. Yes, I know I could use Thunderbird (err... Icedove ;) and POP/SMTP access, but I actually use GMail's labels and find Thunderbird a greatly inferior client compared to GMail.

I have tried to get my friends to use encryption for IM (gaim-encryption or gaim-otr; now pidgin-) with very limited success. Although, I have gotten people to switch to Gaim/Pidgin due to considering it a superior program, they mostly think it is a waste of effort to setup encryption. A few times a have looked around for a good essays or set of essays on why encryption is good idea even when one has nothing to hide, but I have not found anything.

Also, unfortunately, there are no IM encryption protocols with web of trust support that I know of. I believe the long-dead gaim-e project used GPG keys. The pidgin-encryption project suggests this is by design.

As for encouraging the use of web of trust, I wondering if key signatures could possibly be made easier to remember by a natural language encoding. That is, use the signature as a random seed for generating (grammatical) nonsense that some people may find easier to remember (and therefore share) than a string of hex digits.

Also, among the apps allowed by a large WoT are self-signed HTTPS keys, so it would not cost extra to encrypt your website, although there may be processing power issues there as well.

Or use OTR. http://www.cypherpunks.ca/otr/

• Etiher Pidgin Encrypt (formely Gaim Encryption)
• Or OTR

Clearly, the way AOL is going to stay afloat is to sell you 'deletion rights' to the logs of your chats they're archiving on their AIM servers ('for analysis purposes') in a few years.

You do use an OTR client, right?

How is this different from the gaim-encryption plugin?
The gaim-encryption plugin provides encryption and authentication, but not deniability or perfect forward secrecy.

Off the Record (a.k.a. otr) is an encryption tool which can be used for many things. There is a gaim plugin and an aim proxy available at http://www.cypherpunks.ca/otr/.

Don't forget to use OTR for your GAIM sessions...

Use a tool such as Off-the-Record Messaging. You get authentication to protect you against man-in-the-middle attacks, strong encryption, and a clever scheme that makes it so that if someone does manage to break a key and read a conversation, or if one of the parties to the conversation snitches, it still can't be proven that you've said anything in particular; the key material for authentication is published after the fact, so that while it's valid at the time you're having the conversation, afterwards anyone could forge a message that would pass authentication. So if someone comes out and says that you said X, and that they have logs and packet dumps to prove it, you can "prove" that you actually said Y, and that you have logs and packet dumps to prove it, and from a mathematical perspective both of your claims are equally credible -- either or both of you could be presenting a forgery. Fun!

mirrored on Es3b-en.pdf

gaim-encryption is flawed in that it is a weak encryption scheme. Off The Record is a far superior gaim plugin providing a much stronger encrytion, authentication, deniability, and secrecy into the future. Read how it compartes to gaim-encryption on their website. Their whitepaper is really good introduction to what can make encryption strong vs what can make it weak, definitely worth a read for anyone new to crypto. And besides all that, open source != secure. That is a really bad assumption to make.

gaim-encryption is flawed in that it is a weak encryption scheme. Off The Record is a far superior gaim plugin providing a much stronger encrytion, authentication, deniability, and secrecy into the future. Read how it compartes to gaim-encryption on their website. Their whitepaper is really good introduction to what can make encryption strong vs what can make it weak, definitely worth a read for anyone new to crypto. And besides all that, open source != secure. That is a really bad assumption to make.

I disagree. Message-level protocols like OTR are very easy to use when they're implemented correctly into the software, and don't require any particular level of geekitude in order to use.

I've handled the installation, but I know of many non-technical friends who use GAIM+OTR (or Adium, which has it built-in) to communicate, without any problems. It's just like security in a web browser: when the lock icon is closed, it's secure. Nothing else is required out of the user, unless they want to turn it off or on manually (which is very simple; a dropdown menu).

The average user may be an idiot, but I think you're selling them a little short. The trick is getting them to want or care about security; if they care about it, there are technologies available that are well within the ease-of-use range of most people (post-installation; setup can still be tricky).

First, I would like to mention a correction to my post that you replied to: there is a OTR plug-in for Trillian Pro.

OTR and gaim-encryption both ask the user to verify the fingerprints, and the keys are exchanged such that a MITM is theoretically impossible assuming out-of-band verification of the fingerprints, of course. Gaim-encryption uses RSA, so I think it just sends along the public key. OTR generates an AES key with AKE (link to full OTR protocol docs). Check the links to their homepages for complete descriptions of their protocols.

First, I would like to mention a correction to my post that you replied to: there is a OTR plug-in for Trillian Pro.

OTR and gaim-encryption both ask the user to verify the fingerprints, and the keys are exchanged such that a MITM is theoretically impossible assuming out-of-band verification of the fingerprints, of course. Gaim-encryption uses RSA, so I think it just sends along the public key. OTR generates an AES key with AKE (link to full OTR protocol docs). Check the links to their homepages for complete descriptions of their protocols.

You mean the Trillian SecureIM with absolutely no verification on the key exchange (and therefore no attempt to stop a man in the middle attack)? The one that it would be trival to implement a server which kept a plain-text copy of every message invisible to both sides? If you really care about protecting your messages, use something like OTR, which is actually secure. According to this topic, if you have Trillian Pro, there is a plug-in you can use like the gaim-otr plugin, otherwise you can use otr-proxy with any AIM client. Personally, I use gaim-encryption more, but that, of course, is gaim-only.

While I also suggest using some sort of local jabber server with Gaim, it'd probably be a good idea to install some sort of encryption plugin, like Off The Record, to make sure no one's intercepting conversations from the inside of the network even.

I end up doing there key management because they have no clue what a key ring, key server, public key, and private key is.

Zfone, like Off-the-Record Messaging, doesn't use a pre-shared key to prevent man-in-the-middle attacks. Rather, it uses a code (conceptually similar to a key fingerprint) which each person reads for the key they have from the other person, to the other person. By ensuring this code matches what is expected, and observing that the voice is not being artificially replaced between the two people.

As long as those codes are correct, the call is secure.

The second part is that a bit of information is kept from each call, and used in an authentication process in the next call. Because both systems will know this information (if they are the same systems), authentication can occur without either person needing to deal with it directly. If the systems for the second coll are not the same as for the first, the code-reading process must occur again.

There is more to it than that, but that's the quick dirty summary.
For more details, try:
http://www.philzimmermann.com/EN/zfone/index-faq.h tml
http://www.cypherpunks.ca/otr/Protocol-v2-3.0.0.ht ml (not the same, but very similar)
http://en.wikipedia.org/wiki/Perfect_forward_secre cy
http://www.ietf.org/internet-drafts/draft-zimmerma nn-avt-zrtp-01.txt

Zfone, like Off-the-Record Messaging, doesn't use a pre-shared key to prevent man-in-the-middle attacks. Rather, it uses a code (conceptually similar to a key fingerprint) which each person reads for the key they have from the other person, to the other person. By ensuring this code matches what is expected, and observing that the voice is not being artificially replaced between the two people.

As long as those codes are correct, the call is secure.

The second part is that a bit of information is kept from each call, and used in an authentication process in the next call. Because both systems will know this information (if they are the same systems), authentication can occur without either person needing to deal with it directly. If the systems for the second coll are not the same as for the first, the code-reading process must occur again.

There is more to it than that, but that's the quick dirty summary.
For more details, try:
http://www.philzimmermann.com/EN/zfone/index-faq.h tml
http://www.cypherpunks.ca/otr/Protocol-v2-3.0.0.ht ml (not the same, but very similar)
http://en.wikipedia.org/wiki/Perfect_forward_secre cy
http://www.ietf.org/internet-drafts/draft-zimmerma nn-avt-zrtp-01.txt

Just as an addition, the "Off-the-Record (OTR) Messaging" plugin for Gaim offers a similar setup for instant messaging. (You can use it with other IM clients as well; it works with stock AIM as an HTTP proxy and is built in to Adium for Mac.)

In my opinion, it's a much better system than some of the other IM encryption setups, which give you authentication but not any forward secrecy or deniability. Basically it forces you to authenticate the other party via a side-channel, rather than using a trust framework a la PGP, but in return the authentication can't be turned around and used against you after the fact.

It does this via an unauthenticated Diffie-Hellman key exchange, and then creating and exchanging a per-session symmetric key within that channel, which is destroyed at the end of the conversation. More technical information is available here.

In short it provides more authentication than Trillian's setup, more deniability than gaim-encryption, and doesn't require any of the infrastructure required by SILC. The only difficulty in using it is getting other people to use a supported client program and to install the plugin / generate a key.

I think there's room for both types of encrypted communications: ones that provide a trust framework and robust authentication, and ones that provide for more deniability (and allow the computerized century equivalents of a face-to-face meeting, where if both people desire it, they can deny the contents of the communication later).

Just as an addition, the "Off-the-Record (OTR) Messaging" plugin for Gaim offers a similar setup for instant messaging. (You can use it with other IM clients as well; it works with stock AIM as an HTTP proxy and is built in to Adium for Mac.)

In my opinion, it's a much better system than some of the other IM encryption setups, which give you authentication but not any forward secrecy or deniability. Basically it forces you to authenticate the other party via a side-channel, rather than using a trust framework a la PGP, but in return the authentication can't be turned around and used against you after the fact.

It does this via an unauthenticated Diffie-Hellman key exchange, and then creating and exchanging a per-session symmetric key within that channel, which is destroyed at the end of the conversation. More technical information is available here.

In short it provides more authentication than Trillian's setup, more deniability than gaim-encryption, and doesn't require any of the infrastructure required by SILC. The only difficulty in using it is getting other people to use a supported client program and to install the plugin / generate a key.

I think there's room for both types of encrypted communications: ones that provide a trust framework and robust authentication, and ones that provide for more deniability (and allow the computerized century equivalents of a face-to-face meeting, where if both people desire it, they can deny the contents of the communication later).

I use the Off-the-Record plugin for gaim for all my illegal activites

Off-the-Record (OTR) Messaging allows you to have private conversations over instant messaging by providing:

Encryption
No one else can read your instant messages.
Authentication
You are assured the correspondent is who you think it is.
Deniability
The messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he sees are authentic and unmodified.
Perfect forward secrecy
If you lose control of your private keys, no previous conversation is compromised.

You can already enrcrypt the text portion of your favorite IM's.

Haven't you heard of GAIM-encryption. http://gaim-encryption.sourceforge.net/

There's also a plugin called Off-The-Record(OTR) from cypherpunks. http://www.cypherpunks.ca/otr/

I've got both. First download gaim-enryption, then add the OTR. They're actually independent and don't work on top of each other. I've just got people that use one or the other, and I just select the one I need to encrypt the channel. Both are pretty seamless.

When GAIM finally gets voice, then I'm sure GAIM-encryption will follow with encrypted voice.

There's only one plugin I use regularly, and I think it's quite useful: Off-The-Record Messaging. Great when you don't want a pesky, bored sysadmin reading about your private life.

The man in the middle attack was fixed a while ago with OTR2 (5 Nov 2005, to be precise).

The man in the middle attack was fixed a while ago with OTR2 (5 Nov 2005, to be precise).

There are two Gaim encryption plug-ins which are being actively developed. One is gaim-encryption ("Gaim-Encryption uses NSS to provide transparent RSA encryption as a Gaim plugin."), which is Gaim-only. The other is OTR, which can be used with any AIM client on Windows, Linux, or Mac (there is a plug-in for Gaim and a proxy server for other clients). I have both installed, but I have trouble getting my friends to use them, even the ones who use Gaim. Unforunately, Gaim does not support Trillian's encryption nor AIM's official client's encryption, and, as far as I know, no one is working on either.

OTR doesn't use TLS, but it does a great job encrypting conversations. Much better approach than SecureIM by Trillian or gaim-encryption.

Nothing can stop Google from loggin everything you do over their servers. What you can do is make it pointless:
- use Gaim with
- OTR for all your chat, routing it via
- TOR by TORifying Gaim

Furthermore you better create a fresh account for this, using an invite that you got through a non-traceable route (for instance using Firefox with the Switchproxy plugin according to Tor's guidelines.) Don't forget to install Privoxy for this and configure your browser correctly or your DNS requests are still going over open channels. For more information you can refer to the documentation on the TOR website.

Yes you miss out on the new coolness, yes you have to have alternative channels to verify fingerprints to really be certain there's no man-in-the-middle and yes I'm really paranoid.

Questions?

Yes but google is the search giant.. Would you want to be able to search other peoples IM's to find out who likes pink, cherry flavored popcicles? We all know that google logs what you search for, I just fear that google, without you knowing, would log what you chat about!

Trillian Secure IM -and- Off-the-Record Messaging are your friends.

This is true, OTR doesn't do validation in the same way that PGP/GPG does. It's actually at least partially by design; the idea is for a conversation to be both secure and deniable after the fact. By not performing strong validation, there's no way for someone later (after they'd brute-forced the encryption, perhaps) to use the encryption to prove that anyone in particular was involved, or that the conversation hadn't been modified after the fact.

This isn't a particular concern for me so I haven't really investigated how it's implemented, but I think that anything which did strong key validation (as opposed to OTR's strategy, where you're presented with the key and can call the other party up on the phone or something and see if they match) would break the "deniability" part which is one of their goals.

From the description of the OTR Protocol (http://www.cypherpunks.ca/otr/Protocol-v2-3.0.0.h tml) "The general idea is that Alice and Bob do an unauthenticated Diffie-Hellman (D-H) key exchange to set up an encrypted channel, and then do mutual authentication inside that channel." ... "If all of the verifications succeeded, Alice and Bob now know each other's Diffie-Hellman public keys, and share the value s. Alice is assured that s is known by someone with access to the private key corresponding to pubB, and similarly for Bob."

So after you get everything set up and the channel negotiated, you end up with the other person's public key. You can call them (or email, whatever) and share the public key values, and if they match then you're good to go. Of course your level of trust that there's not a man-in-the-middle depends on how well you trust the verification of that public key -- if you call them up and recognize their voice and they read the key to you, you're probably okay. (However if this mode of keysharing is monitored -- say via a phone tap -- and "they" catch you sharing the keys, you may give up deniability. I'm not sure.)

It's (at least in my reading) something of a tradeoff -- you don't get trust infrastructure and identity authentication, but instead get forward secrecy and deniability. Personally I think the OTR people have the right idea for IM encryption, although I'm not sure if it would be a good model for email.

My point was just that we're very close to making encrypted communications easy enough for The Rest Of Us, it's just that the pieces haven't been but together quite right yet. I think Sente's GPGMail for OS X Mail is the easiest mail-encryption setup yet, and with some polish could be easy enough for my mother. I was bringing up Adium as the gold standard, IMHO, for ease of use in communications security so far.

Take a look at OTR. Both a gaim plugin and a proxy are provided. So, although GAIM has the best integration and support for all protocols, you can use it with any client if all you need is AOL AIM support.

OTR provides three important cryptographic assurances which are omitted in most chat crypto implementations. Perfect forward secrecy (so if your keys are later compromised it doesn't back compromise all your conversations), Denyability (a log of your traffic and a copy of the key can't be used to prove you said something, gaim-encryption uses digital signature so it can be used to prove you said something, not what you expected a privacy plugin to provide!), and authentication (you know there isn't a man in the middle intercepting your communication, believe it or not Trillian's encryption support does not have any authentication!).

OTR will also work over any IM network (at least with the GAIM plugin, the proxy is aim only right now), so you can combine OTR with a SSL/Jabber server to hide who you're talking to (or that you're 'talking') from someone sniffing the wire, while OTR hides what you say from the server operator.

OTR at least as a Gaim plugin is easy to use and can be installed by the computer phobic with only a small amount of handholding.

In any case, should this message ever get modded high enough that you see it... give OTR a look!

OTR may do what you want (or not), but it needs to be handled correctly to really be secure, of course. I think there's built-in support for it in Adium-X, too; for vanilla GAIM, there's a plugin, as well as a generic AIM proxy that will work with all clients (but only AIM, obviously, whereas the plugin supports all IM services that GAIM can use).

AIM's encryption feature really isn't as hot as you thihnk it is. PKI with AOL at the root? No thanks. Off-the-record messaging has a design that's actually been thought-out and designed from the bottom up with the needs of an IM client in mind. It's also quite stable, and it works for anyone who runs Gaim or Adium or uses Windows, OS X, or any decent Unix.

Oh, and did I mention it's protocol-agnostic?

And for anyone who's wondering, gaim-otr should be able to interoperate with Gaim 2.0 shortly after (or perhaps shortly before) its release; I've been betaing a patched-up version of gaim-otr against gaim CVS for a while now with no issues.

If you want strong encryption with nice properties, do look into off-the-record messaging - there's both a GAIM plugin (works with all protocols) and an AIM proxy. I think AdiumX also has support for this built in.

It's got some nice properties like perfect forward secrecy and plausible deniability, and it's GPL/LGPL-licensed. (GPL for the AIM proxy, toolkit and GAIM plugin; LGPL for the library)

You could use OTR. Yes, it's primarily intended for AIM, but the GAIM plugin at least seems to work with all underlying protocols, so if you and the one you want to talk to both use GAIM (or, if you're using OS X, Adium X, which IIRC has native support for OTR), you can use it on Google Talk, too.

For those who can't / don't want to use GAIM (or Adium X), they have an AIM proxy server. I imagine that it wouldn't be impossible to do similar proxies for other protocols as well.

If you use Gaim (and several other clients, but that's the one I use) there's a very nice plugin called Off-the-Record Messaging that allows you to encrypt your communications, no matter which protocol you are using (MSN, Jabber, Yahoo... you name it).

A declaration of intent is no protection at all.

Having traffic between you and google won't help anything either.

You can encrypt your IM using any method you like, for example Off-The-Record: http://www.cypherpunks.ca/otr/, which have all of the desireable properties.

This however does not protect you from google knowing *who* (gmail-id) you are messaging, when, and many other interesting things.

While we're on the topic of encryption, let me say that while gaim-encryption is nice, there's an even better solution, namely Off-The-Record messaging (OTR). It's available as both a GAIM plugin and an AIM proxy server (for other clients); Adium X (a multi-protocol IM client for OS X) also has built-in support for OTR.

Definitely worth a try if you value your privacy and don't want every rag, tag and bobtail reading your IM conversations with people.

I'd use GAIM (http://gaim.sourceforge.net/) plus the following plugin... Off-the-Record (OTR) Messaging allows you to have private (not just encrypted) conversations over instant messaging by providing: Encryption, Authentication, Deniability, and Perfect forward secrecy. Found at.. http://www.cypherpunks.ca/otr/ Willy

Yes, some of these are completely contrary to what makes sense for the computer. But a conversation can be made partialy ephemeral. Have a look at this "off the record" plugin for gaim : http://www.cypherpunks.ca/otr/ . You can have a conversation where:

Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he sees are authentic and unmodified.

Having the actual data be removed from your computer, however, does require DRM. So he cannot be completely satisfied.