Slashdot Mirror

← Back to Stories (view on slashdot.org)

Secure Instant Messaging Systems?

Posted by Cliff on from the cloak-and-dagger dept.

Elik writes: "I been asked by the higher up at Netwolves as to the availability of a secure messaging system that uses an encrypted protocol for messaging instead of insecure systems like AIM, MSN, Yahoo or ICQ. From what I have read, they are not secure enough that you can send any secret confidential information though the messenger system, since from the reading, they are not encrypted. Are there secure messaging client/server systems that are available for most platforms, that could be considered secure by using some of the standard encryption systems like 3DES, Blowfish or others?" It shouldn't be too hard to hack support for this into the existing IRC clients. It may not be as cute as most IM systems, but if it's security you want, you may have to sacrifice something. If you are transferring huge amounts of data, why worry about instant messaging systems? Just use PGP (or GPG) to encrypt the data and the plethora of file sharing software currently available on the Internet to get it where you want?

4 of 15 comments (clear)

  1. Gale by buildboy · · Score: 2
    Gale is such a system ( from http://www.gale.org/docs.xml ):

    Gale is instant messaging software distributed under the terms of the GNU General Public License.

    Several features set Gale apart from other instant messaging systems.

    Gale is open source software. The GPL ensures that you and others retain the freedom to modify and distribute the Gale source code. Gale will never lock into any one vendor's proprietary, closed system.
    Gale is useful. Gale isn't just about poking "private" messages to someone sitting at another computer. Gale does support secure private messaging, but Gale also has a well-developed infrastructure for public (and semi-public) chat.
    Advanced categorization and filtering features mean that you can precisely control your level of participation and distraction. We've been at this for years, we've tried everything else out there, and we have a lot of experience with the usability of real-time messaging systems. The result of our experience is something like IRC, something like Zephyr, and something like commercial "instant messaging" systems, but with many features you won't find in any of these.
    Gale is secure. Most other systems depend on the security of a central bank of servers, and provide no protection against network eavesdroppers.
    Gale uses strong cryptography for both privacy and authentication, and is designed to work in an environment of mutual distrust between users and administrators.
    Gale scales. Gale's architecture uses a loosely-connected set of servers which locate each other via DNS only when they need to talk to each other. Multicast is accomplished by the dynamic creation of self-healing spanning trees of interconnected servers. The network is robust; servers and clients detect and route around failure. This means Gale is fast and stable. Gale will not suffer the kind of performance and reliability problems USENET, IRC, and centralized commercial message systems do.
    Gale is here today. Gale has been in active development for over three years. Both clients and servers have been well tested by daily use in an active user community. Both simple command-line and sophisticated graphical clients are available, and there are platform solutions for the POSIX, Microsoft Windows, and Java platforms.
  2. Licq has OpenSSL support by AndmaN · · Score: 2

    Yep.. and it works fine.
    "Licq now supports Secure Socket Layer connections between clients allowing for fully secure communication of messages, urls, chat requests...

  3. PGP 7.0 includes ICQ plugin by UnrefinedLayman · · Score: 2

    The newly released PGP 7.0 (pgp.com) includes an ICQ plugin that does realtime encryption of all ICQ messages.

    On top of that, it includes PGPnet, a VPN client that can encrypt all communications between two clients.

    Don't reinvent the wheel.

  4. A Commercial Plug by scotpurl · · Score: 3

    SameTime from the folks at Lotus. Integrates with both Exchange and Lotus Notes directories (I think with NT directories, too) as well as LDAP. They actually bought stuff from http://www.ubique.com and merged it with stuff from http://www.databeam.com to create SameTime, and then integrated it into everything. A PIII 500 will support something like 20,000 users.

    Anyway, secure, plus beaucoup other functionality. Published, extendable APIs, examples. Video streaming, audio streaming, etc. etc. Uses choice of ActiveX or Java. Version 2.0 is due out the end of the month (or thereabouts). There's a Java version of the chat/instant messaging client, plus a Windows version.

    http://www.lotus.com/sametime