Encrypted Instant Messaging with Pidgin and OTR (Off the Record)

Did you know that almost all online instant messaging services (AIM, Yahoo, Gtalk, ICQ) transmit your messages in cleartext across the internet? If you didn’t, I’m sure you’re wondering how many of your sensitive or possibly embarrassing conversations might be floating about on the web. There is no excuse for this in today’s society.

There is a solution for this: the OTR plugin, short for “Off the Record”.

Off-the-Record (OTR) Messaging allows you to have private conversations over instant messaging by providing:

Encryption

No one else can read your instant messages.

Authentication

You are assured the correspondent is who you think it is.

Deniability

The messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he sees are authentic and unmodified.

Perfect forward secrecy

If you lose control of your private keys, no previous conversation is compromised.

For a secure chatting experience, we suggest using Trillian or Pidgin with the OTR plugin.

First, get a copy of Trillian (free or paid, it doesn’t matter) or Pidgin.

Then add the instant messaging accounts you intend to use. You can add every one of them if you like, as both apps support pretty much all protocols in one app.

Then grab the OTR package for your client of choice: the Trillian OTR plugin or the Pidgin OTR plugin.

For the Trillian OTR plugin, drop TrillianOTR.dll into the Trillian plugin folder, typically located at C:\Program Files (x86)\Trillian\plugins, then restart the app.

For Pidgin, it’s a nice installer .exe file that will do it for you; then restart Pidgin.

Now you will need to generate a key for each account you’re going to use OTR with.

For Trillian, go to Preferences/Plugins/Trillian OTR plugin and click it to enable it, then click the Change button to open the settings. Now generate a key for each account: go to the OTR-config drop-down, select your account, click Generate key and wait until the key is generated. Repeat for each account.

For Pidgin, go to Tools/Plugins/Off-The-Record Messaging, check the box to enable it, then click Configure Plugin below. Under the Config tab, choose your account(s) in the drop-down, click Generate key for each, then close the window.

To use OTR with friends, they must have the plugin installed as well. To start an encrypted IM session in Pidgin, click the OTR button at the top right and choose Start private conversation. The first time you message a new OTR contact you will have to verify their key: you can manually verify their fingerprint, or ask them a question and set the answer to a secret that only they would know. Once both people are verified, a bright green Private bar should show at the bottom. Now you’re encrypted and secure; not even your instant message server can decrypt your messages.
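The verification step above is what stops someone in the middle from handing you their own key, so it is worth checking which contacts you never verified. The following Python is an added example, not part of the original post: it assumes the tab-separated layout of Pidgin's otr.fingerprints file (contact, local account, protocol, 40-hex fingerprint, trust, where trust is "verified", "smp" or empty), and the sample entries are constructed.

```python
from collections import defaultdict

# Constructed sample in the assumed otr.fingerprints layout:
# contact, local account, protocol, 40-hex fingerprint, trust ("" = unverified).
SAMPLE = (
    "alice@example.org\tme@example.org\tprpl-jabber\t"
    "0123456789abcdef0123456789abcdef01234567\tverified\n"
    "bob@example.org\tme@example.org\tprpl-jabber\t"
    "89abcdef0123456789abcdef0123456789abcdef\t\n"
    "bob@example.org\tme@example.org\tprpl-jabber\t"
    "fedcba9876543210fedcba9876543210fedcba98\tsmp\n"
)

def normalize(fp):
    """Drop spaces and case so '01234567 89ABCDEF ...' compares equal."""
    return "".join(c for c in fp.lower() if c in "0123456789abcdef")

def parse(text):
    """Yield (contact, account, protocol, fingerprint, trust) per valid line."""
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) < 4 or len(normalize(fields[3])) != 40:
            continue  # skip malformed or truncated lines
        trust = fields[4].strip() if len(fields) > 4 else ""
        yield fields[0], fields[1], fields[2], normalize(fields[3]), trust

def audit(text):
    """Return (unverified entries, contacts that have more than one key)."""
    unverified, keys = [], defaultdict(set)
    for contact, account, proto, fp, trust in parse(text):
        keys[(contact, account, proto)].add(fp)
        if not trust:
            unverified.append((contact, fp))
    multi = sorted(k[0] for k, v in keys.items() if len(v) > 1)
    return unverified, multi

def matches(text, contact, spoken_fp):
    """True if a fingerprint read to you over another channel is on file."""
    want = normalize(spoken_fp)
    return any(c == contact and fp == want for c, _, _, fp, _ in parse(text))

if __name__ == "__main__":
    unverified, multi = audit(SAMPLE)
    print("unverified:", unverified)
    print("contacts with several keys:", multi)
```

A contact that shows up with several keys is not necessarily under attack (a reinstall or second device also creates a new key), but each new key needs its own verification.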

Suggested OTR-compatible clients for desktops: Adium, Pidgin, Gaim, Trillian, Psi.

For mobile phones: Gibberbot, Beem, ChatSecure, Xabber.

Well that’s it for now.

PS: We suggest using a free Jabber account, as it’s more compatible with all other chat protocols. Get a free whatthejabber.me account.
