
Version 1 (modified by Stephen Mahood, 6 years ago)

What is this OTR I hear about with Chat?

Off-the-Record Messaging (OTR) adds end-to-end encryption for chat messages. It has many features:

  • Encryption: All the encryption takes place on your devices. This protects your conversation from being read by others, even over insecure networks and untrusted chat providers.

  • Authentication: You know if the person is who they say they are.

  • Deniability: The messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages she sees are authentic and unmodified.

  • Perfect forward secrecy: If you lose control of your private keys, no previous conversation is compromised.

Installing OTR

In this tutorial, we will be using OTR with Pidgin. Pidgin has the most mature implementation of OTR, and runs on Windows, Linux, and Mac.

Linux

Press Alt+F2 and run:

    gnome-terminal

Copy the following line into the new terminal window and hit Enter:

    sudo apt-get install pidgin-otr

To run Pidgin, press Alt+F2 and type the following, or look in your Menu --> Network --> Pidgin:

    pidgin

Windows

Visit pidgin.im/download

Mac

Pidgin can be run on the Mac, but it is much easier to run Adium instead. Adium is a native port of Pidgin to the Mac OS. Download Adium.

Now with Pidgin and OTR installed

Select Tools --> Plugins from the main window

Enable Off-The-Record Messaging plugin and click the Configure button

Select your im.mayfirst.org account from the list and click Generate

IMPORTANT NOTE: Under “Default OTR Settings” select both Require private messaging and Don’t log OTR conversations. This guarantees that you only have encrypted conversations and that you aren’t logging your past conversations. Remember that it is always possible for the person you are talking with to log the conversation. It is a good idea to ask whether that person logs OTR conversations.

Authenticate Buddies for OTR

Click Start Private conversation and follow the instructions to authenticate each other to start a private conversation. The easiest method to authenticate someone is the Question and Answer method in which you ask the other person a question that only they could answer. This is an important security step to verify that you are talking to who you think you are talking to. Examples of acceptable questions:

Q: What did you and I talk about at Jad's last night in the front room? (lower case, one word) A: welding

  • There were just the two people involved in the past conversation, so this is a secure question.

Q: What poster is on the wall of my bedroom? (lower case, two words) A: beehive collective

  • This is a secure question assuming you trust the people that have been in your bedroom.

Questions like “What is my hair color” or “What’s my dog’s name” are insecure because most anyone could easily discover the answers to those questions.
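
To check afterwards which buddies you have not yet authenticated, the following added example (not part of the original wiki page or of pidgin-otr) reads the plugin's fingerprint store. It assumes the store is ~/.purple/otr.fingerprints in libotr's tab-separated layout with a trust field of "smp" or "verified"; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Assumed layout of ~/.purple/otr.fingerprints (written by libotr), one key
# per line, tab-separated:
#   buddy  your-account  protocol  40-hex-fingerprint  trust
# trust is assumed empty until you authenticate the buddy, then "smp"
# (question/answer succeeded) or "verified" (fingerprint compared by hand).

# Print "buddy account fingerprint" for every key with an empty trust field.
list_unauthenticated() {
    awk -F '\t' '
        NF < 4 || $4 !~ /^[0-9a-fA-F]+$/ || length($4) != 40 {
            if ($0 != "") print "skipping malformed line " NR > "/dev/stderr"
            next
        }
        $5 == "" { print $1, $2, $4 }
    ' "$1"
}

# Number of unauthenticated keys in the store.
count_unauthenticated() {
    list_unauthenticated "$1" 2>/dev/null | wc -l | tr -d ' '
}

# Constructed sample store: names and fingerprints are made up.
write_sample() {
    {
        printf 'alice@example.org\tme@example.org\tprpl-jabber\t%s\tsmp\n' \
            a1b2c3d4e5f60718293a4b5c6d7e8f9012345678
        printf 'bob@example.org\tme@example.org\tprpl-jabber\t%s\t\n' \
            00112233445566778899aabbccddeeff00112233
        printf 'carol@example.org\tme@example.org\tprpl-jabber\t%s\tverified\n' \
            ffeeddccbbaa99887766554433221100ffeeddcc
        printf 'truncated line without a fingerprint\n'
    } > "$1"
}

# Stand-alone use: audit the file given as $1, or the default store if present.
store="${1:-$HOME/.purple/otr.fingerprints}"
if [ -r "$store" ]; then
    list_unauthenticated "$store"
fi
```

Any buddy it lists has a key you have accepted but never checked, so run the Question and Answer step with them before relying on the conversation.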