
Off-the-Record Messaging – encrypt your instant messages - prajjwal
http://www.cypherpunks.ca/otr/index.php
======
chrisballinger
I am the original author of ChatSecure [1], the only free and open source OTR
client for iOS devices. We also released an Objective-C wrapper around libotr
called OTRKit [2] to help other developers integrate their apps with the OTR
protocol. Gibberbot [3] is the equivalent program for Android devices, both of
which are currently supported by The Guardian Project.

1\. [https://github.com/chrisballinger/Off-the-Record-iOS](https://github.com/chrisballinger/Off-the-Record-iOS)

2\. [https://github.com/ChatSecure/OTRKit](https://github.com/ChatSecure/OTRKit)

3\. [https://github.com/guardianproject/Gibberbot](https://github.com/guardianproject/Gibberbot)

~~~
13throwaway
How can we verify that the app on the App Store was compiled with the github
source? (So all the code can be examined.)

~~~
rorrr2
There's no easy way. Even if you do verify it, there's no guarantee Apple
won't push an update with a backdoor because NSA asked them to.

That's why it's better to use Crypto.Cat - its source is the executable.
Verifying the hash is enough to make sure the source code didn't change.

~~~
sneak
Even then, Apple could just keylog certain applications at the OS level,
cryptocat and unmodified-binary ChatSecure included.

~~~
rorrr2
Yes. Unless you're running an open-source OS and open-source hardware (and
trust the manufacturer and the compiler), you are not safe.

~~~
sneak
Though it's a lot easier to compel Apple to silently push a wiretap update to
a handset than to have, several months/year ago, engineered a secret backdoor
into a chipset...

You've gotta draw the line somewhere (unless you're rms). I would venture to
say an open source OS and applications on worldwide-deployed hardware in the
hundreds of millions count is probably safe enough for my purposes.

------
greyman
This is a nice technology, but if it is really supposed to protect you from a
serious threat, you first need to define who your adversary is and how strong
his capabilities are.

For example, if your adversary is some big national agency and you are chatting
this way, but both of you don't anonymize yourselves properly, you could just
raise suspicion [since most people don't chat encrypted] and more surveillance
can be deployed against you.

To sum it up, the technology is good, but if it should be used for more than
an exercise, it must be combined with other protection.

~~~
greyman
Here is the article I read about this issue:
[http://grugq.github.io/blog/2013/03/12/anonymity-is-hard/](http://grugq.github.io/blog/2013/03/12/anonymity-is-hard/)

"Hiding anomalous activity is hard, but vitally important. The problem with
many security systems based purely on secrecy is that their usage is itself
anomalous. It singles out and attracts attention to the users. If the
adversary doesn’t know who those users are initially, they can cross correlate
real world data with the suspicious activity and narrow their focus to real
people."

~~~
XorNot
This is how I use it. It's always there, it's always encrypted, so nothing
about my behavior will ever appear to change based on my IM traffic.

------
anologwintermut
Make sure you actually authenticate the key fingerprints. Note, doing this
over video chat (if you know what the other person looks like and sounds like)
with a fresh key pair is a decent way.*

* Assuming you believe no one has the resources to impersonate your chat partner in near real time.

~~~
myf
Or you can use the Socialist Millionaires' Protocol to exchange secret
questions and answers that only the two of you know:
[http://www.cypherpunks.ca/otr/help/authenticate.php](http://www.cypherpunks.ca/otr/help/authenticate.php)
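The exchange the linked help page describes, worked through as an added example (not code from this thread or from libotr). It keeps the algebra of OTR's SMP but drops the zero-knowledge proofs that accompany every real SMP message, uses a 64-bit safe prime generated at runtime in place of the 1536-bit MODP group from RFC 3526 that OTR runs in, and substitutes a constructed byte string for the fingerprints and session id that OTR hashes into the secret. It also illustrates the fingerprint-verification point made two comments up: what SMP proves is only that both ends typed the same answer, byte for byte.

```python
"""OTR's Socialist Millionaires' Protocol (SMP), reduced to its algebra.

Added example, not libotr code: the zero-knowledge proofs OTR attaches to each
SMP message are omitted, and a 64-bit safe prime generated at runtime stands in
for the 1536-bit MODP group (RFC 3526) that OTR uses.
"""
import hashlib
import secrets

# Miller-Rabin with these bases is deterministic for n < 3.3e24 (covers 64-bit n).
_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_prime(n):
    if n < 2:
        return False
    for b in _MR_BASES:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def make_group(bits=64):
    """Toy group: safe prime p = 2q + 1 and g = 4, which generates the order-q subgroup."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_prime(q) and is_prime(2 * q + 1):
            return 2 * q + 1, q, 4


def smp_secret(context, answer, q):
    """Exponent derived from the shared answer. OTR hashes a version byte, both
    fingerprints, the session id and the answer, so the same answer in another
    session gives a different x; `context` is a constructed stand-in for that."""
    digest = hashlib.sha256(context + b"\x00" + answer.encode("utf-8")).digest()
    return int.from_bytes(digest, "big") % q


def run_smp(group, x, y):
    """Alice holds x, Bob holds y. Returns (alice_says_equal, bob_says_equal)."""
    p, q, g = group

    def rnd():
        return secrets.randbelow(q - 1) + 1          # non-zero exponent mod q

    def div(a, b):
        return a * pow(b, -1, p) % p

    # Message 1, Alice -> Bob: g2a = g^a2, g3a = g^a3
    a2, a3 = rnd(), rnd()
    g2a, g3a = pow(g, a2, p), pow(g, a3, p)

    # Message 2, Bob -> Alice: g2b, g3b, Pb = g3^r, Qb = g^r * g2^y
    b2, b3 = rnd(), rnd()
    g2b, g3b = pow(g, b2, p), pow(g, b3, p)
    g2, g3 = pow(g2a, b2, p), pow(g3a, b3, p)        # g2 = g^(a2 b2), g3 = g^(a3 b3)
    r = rnd()
    Pb, Qb = pow(g3, r, p), pow(g, r, p) * pow(g2, y, p) % p

    # Message 3, Alice -> Bob: Pa = g3^s, Qa = g^s * g2^x, Ra = (Qa/Qb)^a3
    assert (pow(g2b, a2, p), pow(g3b, a3, p)) == (g2, g3)   # Alice derives the same g2, g3
    s = rnd()
    Pa, Qa = pow(g3, s, p), pow(g, s, p) * pow(g2, x, p) % p
    Ra = pow(div(Qa, Qb), a3, p)

    # Message 4, Bob -> Alice: Rb = (Qa/Qb)^b3. Bob checks Ra^b3 == Pa/Pb.
    Rb = pow(div(Qa, Qb), b3, p)
    bob_equal = pow(Ra, b3, p) == div(Pa, Pb)

    # Alice checks Rb^a3 == Pa/Pb. Since Qa/Qb = g^(s-r) * g2^(x-y),
    # (Qa/Qb)^(a3 b3) = g3^(s-r) * g2^((x-y) a3 b3), equal to Pa/Pb = g3^(s-r)
    # exactly when x == y; otherwise the values are random and reveal nothing.
    alice_equal = pow(Rb, a3, p) == div(Pa, Pb)
    return alice_equal, bob_equal


def demo():
    group = make_group()
    ctx = b"otr-session-demo"                         # constructed session context
    mine = smp_secret(ctx, "blue whale", group[1])
    same = run_smp(group, mine, smp_secret(ctx, "blue whale", group[1]))
    typo = run_smp(group, mine, smp_secret(ctx, "Blue whale", group[1]))
    return same, typo


if __name__ == "__main__":
    print(demo())
```

The two runs in demo() show the caveat the help page gives: answers are compared exactly, so "blue whale" and "Blue whale" fail. A failed run tells a man in the middle nothing beyond the fact that his guess was wrong, which is what makes it safe to run SMP over the very OTR session you are trying to authenticate.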

------
zobzu
Personally I find all OTR 'apps' inconvenient. Keys always change. Clients
aren't compatible across platforms. You end up just clicking "ok" all the time
to untrusted conversations because otherwise you just can't talk to the other
party.

I like GPG-based chats better for that reason: people tend to keep the same
key. It works more or less everywhere (except phones, somehow) AND, if you
trust their keys, you don't have anything to do, _it just works_, regardless of
being IM, email, or whatever else. One trust db. Not 100.

~~~
xnyhps
GPG for chat (at least XEP-0027) is much, much less secure than OTR. You have
no authentication of received messages, no defense against replay attacks or
dropped messages, no perfect forward secrecy. In my opinion, support for it
should be removed because it endangers people who think it is secure.

I would like to see an automatic way to use GPG to sign OTR keys, though. You
can create a message "My OTR fingerprint is abcdef..." and sign that, but it
would be nice if clients did that automatically. Or maybe even use the GPG key
itself instead of the OTR key...

~~~
mike-cardwell
I publish my OTR public key fingerprint on the front page of my website, which
is itself signed using my private PGP key. On that same page, I provide
links to DDG searches of my fingerprints so people can see the multitude of
places that it has been indexed. It gets indexed in a lot of places because I
am active on several public mailing lists and the fingerprint is included in
the signature of all my emails. All of my emails are signed using the same PGP
key as the front page of my website.

[https://grepular.com/](https://grepular.com/)

EDIT: I just remembered, my HN profile also contains my OTR fingerprint, and
is signed using my PGP key.

------
tripzilch
A tip for anyone using this as a plugin for Pidgin: generating the keys
usually takes a lot of processing power, and needs to be done once per account
in Pidgin. The generating process triggers the first time you start messaging
someone that also uses OTR with that account, which is often an inconvenient
time (as you don't always know they use OTR beforehand). You can trigger the
key-generation for an account via the plugin preferences of OTR, that way you
can get that part done while you're not chatting.

------
drmr
I really hope the current work on irssi-otr will improve some things:
[https://github.com/cryptodotis/irssi-otr](https://github.com/cryptodotis/irssi-otr)

Some bugs in the old 0.3 release are quite annoying.

------
moe
Sadly this breaks down horribly the moment you have multiple clients open in
parallel (e.g. desktop and laptop).

~~~
nym375
Have you tried recently? libotr version 4.0 (released last year) added
handling of this very issue. Both parties need to be running >=4.0, but it
shouldn't break down horribly in this scenario.

~~~
moe
I did indeed try with Adium about a month ago. Don't know if Adium hasn't
updated libotr yet or if my buddy had an older client.

He ended up having to block me on AIM because my Adium instance at home went
into a resend frenzy while I wasn't even at home...

------
melling
Isn't Blackberry Messenger secure? It'll be on Android and iOS soon.

~~~
brown9-2
I don't see how it can be if you aren't supplying your own keys.

