Secure Instant Messenger (IM)

Instant messenger is a great way to talk with people.  There are many services out there that offer a convenient means of communicating with other people or you could even stand up your own server (XMPP).  When done correctly there is encryption between the client and the server, between servers, and an independent layer of encryption used to protect the communication end-to-end.  That end-to-end encryption layer also serves as an authentication mechanism so not only can you verify the server you are connected to but also the user you are talking with.

The system I use is a few pieces of software put together to make a single powerful tool: Pidgin and off-the-record (OTR) messaging plugin.  The Pidgin IM client will support pretty much any IM service including Google Talk, AIM, Yahoo! Messenger, IRC, and XMPP.  Pidgin is available for Linux, Mac, Windows, and anything else you can build the source on.  This covers the transport layer of the scheme.  Because Pidgin natively supports SSL and TLS it provides some protection for our communications.  Realistically, however, this only protects our communications over the wire between the client and the server.  Once at the server the communications are decrypted and may be re-encrypted for the next hop to the next server or to the client.  The protection is out of your hands.  Obviously an extra layer is needed.

The OTR messaging plugin provides that end-to-end encryption and authentication layer that is so important to protecting the communications.  In addition to the encryption and authentication, OTR also provides deniability and forward security.  The OTR plugin can be downloaded directly from the OTR site and detailed configuration instructions are also available.

  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s