Use OTR to protect your chat privacy

Source: Internet
Author: User
Tags arch linux

In Internet chat (instant messaging), using open-source free software lets you make sure the software has no backdoors, and using an encrypted transport protocol (such as SSL-based HTTPS) ensures that messages are not intercepted by a third party on their way to the server. However, this does not prevent the chat service provider from recording or analyzing your chat content. Therefore, to protect the privacy of a chat, it is best to use "end-to-end" encryption, so that the chat content can only be read by the two parties.

Among the many "end-to-end" encryption technologies, the open-source free OTR (Off the Record, which can probably be translated as "no trace passing by" :D) is relatively convenient and easy to use. Compared with the traditional PGP system, OTR is better suited to online chat, because PGP has some disadvantages when used there:

1. The key pair has a long validity period.
Although PGP-encrypted chat content cannot be deciphered by a third party in real time, it can be recorded first. Once the private key of one party is later obtained by some means, the attacker can restore all previous chat records.

2. The digital signature ensures the integrity of the chat content and identifies its author, which is necessary during the current chat. However, if one party's key is leaked in the future, the chat content previously signed with a digital signature becomes "evidence".

OTR avoids the disadvantages of PGP by using short-term valid keys for each session, so it is more secure.
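The difference between the two designs, sketched as an added example (not code from the original article or from the OTR project): each session derives its key from throwaway Diffie-Hellman secrets, and messages are authenticated with a MAC key that both parties hold instead of a signature. The group parameters `P` and `G` and all function names are assumptions for illustration; the key exchange is left unauthenticated and messages are not encrypted here.

```python
import hashlib
import hmac
import secrets

# Toy group for illustration only (assumption): 2**127 - 1 is prime but far
# too small for real use. OTR itself uses a 1536-bit Diffie-Hellman group.
P = 2**127 - 1
G = 3


def new_ephemeral():
    """Fresh per-session DH secret and the public value sent to the peer."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)


def session_mac_key(my_secret, their_public):
    """Both sides derive the same key from the DH shared secret."""
    shared = pow(their_public, my_secret, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def tag(key, message):
    """MAC over a message under the shared session key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def run_session():
    """One chat session; returns (alice_key, bob_key)."""
    a, pub_a = new_ephemeral()
    b, pub_b = new_ephemeral()
    # a and b are discarded on return: no long-lived key can recompute them.
    return session_mac_key(a, pub_b), session_mac_key(b, pub_a)


def demo():
    k1_alice, k1_bob = run_session()
    k2_alice, _ = run_session()
    real = b"see you at 8"  # constructed sample message
    bob_accepts = hmac.compare_digest(tag(k1_alice, real), tag(k1_bob, real))
    # Bob holds the same key, so he can tag text Alice never wrote.
    forged = b"constructed text Alice never sent"
    forgery_ok = hmac.compare_digest(tag(k1_bob, forged), tag(k1_alice, forged))
    return {
        "keys_match": k1_alice == k1_bob,
        "sessions_differ": k1_alice != k2_alice,
        "bob_accepts": bob_accepts,
        "forgery_verifies": forgery_ok,
    }
```

Because either party can produce a valid tag for any text, a saved transcript proves nothing to a third party, and a key recorded from one session says nothing about the next.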

To use OTR, we need the instant messaging client Pidgin. It is a client that supports a variety of instant messaging services, with a variety of plug-ins that extend its functions. The services Pidgin supports include MSN, AIM, Yahoo, Google Talk, and QQ (on Linux, by installing the LWQQ plug-in). OTR runs in Pidgin as a plug-in. It encrypts your messages before they are sent, and the other party's client automatically decrypts them on receipt. In short, it is transparent to users, so it is very convenient.

The following describes how to install and use Pidgin and OTR. @ Ivarptr.

1. Install Pidgin

Pidgin is also an open-source free program and runs on Windows and Linux. On OS X you can use Adium, which is based on the same core.

On Linux, Pidgin and the OTR plug-in are generally available in the official repositories. For example, on Ubuntu, search for Pidgin in the Software Center to find both packages. On Arch Linux, you can directly install the packages pidgin and pidgin-otr. If you want to log on to QQ, also install the package pidgin-lwqq. For more information, see the Arch Linux Pidgin Wiki.

On Windows, download the main program Pidgin, download the OTR Pidgin plug-in, and then install them in that order.

2. Configure an account

Running Pidgin for the first time requires you to configure a chat account. Enter the login name and password of your MSN, AIM, Yahoo, Google Talk or QQ account, and you can then see your contacts and chat with them.

3. Activate and configure OTR

In the main Pidgin window, choose Tools > Plugins, find the plug-in Off-the-Record Messaging, and click it to activate it.

Click "Configure Plugin" at the bottom of the window, and click "Generate" in the new window to generate your own private key.

The key generation is completed in about 1 minute.

4. Try to use OTR to encrypt the chat

Now find a friend to help you test OTR encryption. First, have your friend repeat the steps above, then double-click their avatar to open the chat window.

Click "OTR" in the menu of the chat window, and then click "Start private conversation". If the other party has also installed OTR, an encrypted session is created. However, such a session is still vulnerable, because a third party may have put itself in the other party's place (that is, someone else may be pretending to be your friend). To close this gap, you need to verify that the other party really is your friend. Click "OTR" in the menu, or click the button in the upper-right corner of the message sending box, and select "authentication"; the authentication options are displayed in the next window.

OTR supports three authentication methods:

Q & A: you set a question and an answer, and the other party enters an answer to the question. If the answer is exactly the same as the one you set, verification passes.

Shared secret: you set a secret (which can be a sentence). When the other party enters the same secret, verification passes.

Fingerprint verification: when you generated your key in step 3, you may have noticed a fingerprint value (a string of letters; you can open the OTR settings window again to see it). Write down the fingerprint value, then check it with your friend by phone. If the fingerprint values are the same, click the "checked" button to complete identity verification.

You can choose any one of the three methods above. After authentication, the button in the upper-right corner of the message sending box changes to "private", which means that your session is securely encrypted.

