How many of you have ever thought about how secure your chats are over instant messaging clients like Yahoo, Gtalk, MSN, AIM, etc.? Are those chats encrypted, or are they unencrypted, which means they can be sniffed as they travel across the web from your IM client to the server and then to your friend's or colleague's IM client? Most of these chats are not encrypted, except in a few rare cases. So if you are concerned about security, you should find an IM client that uses encryption.
I will be talking about two applications that can provide this encryption when you are using instant messaging. The first is Pidgin (formerly GAIM, the name many of you know it by) with the additional Off-the-Record Messaging plugin, and the other is Bitwise IM Personal Edition. Both provide encryption while you chat. I will cover Bitwise IM in my next post.
Pidgin with Off-the-Record Messaging
As many of you know, Pidgin is an all-in-one, easy-to-use, free chat client used by millions that lets you connect to AIM, MSN, Yahoo, and more chat networks all at once. It lets you log in to accounts on multiple chat networks simultaneously. This means that you can be chatting with friends on MSN, talking to a friend on Google Talk, and sitting in a Yahoo chat room all at the same time. Pidgin runs on Windows, Linux, and other UNIX operating systems.
It also supports plugins, and we will talk specifically about the Off-the-Record Messaging (OTR) plugin, which adds the capability of encrypting conversations and provides security even when keys are compromised. It encrypts messages with AES-128 in CTR mode.
It provides:
- Encryption: No one else can read your instant messages.
- Authentication: You are assured the correspondent is who you think it is.
- Deniability: The messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he sees are authentic and unmodified.
- Perfect forward secrecy: If you lose control of your private keys, no previous conversation is compromised.
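To make the deniability and forward-secrecy properties concrete, here is an added example (not code from Pidgin or the OTR plugin) that models them with a shared-key MAC and per-conversation Diffie-Hellman secrets. The toy group `P`/`G`, the function names and the sample messages are assumptions made for illustration, and the step where long-term keys authenticate the exchange is left out.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group for illustration only (assumption: OTR itself uses
# a much larger standardized group; this prime just keeps the example short).
P = 2**255 - 19
G = 2


def ephemeral_keypair():
    """Fresh per-conversation secret; never stored, never reused."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)


def session_mac_key(my_secret, their_public):
    """Both sides derive the same MAC key from the shared DH value."""
    shared = pow(their_public, my_secret, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()


def tag(key, message):
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key, message, mac):
    return hmac.compare_digest(tag(key, message), mac)


def run_session():
    """One conversation: returns (alice_key, bob_key)."""
    a_priv, a_pub = ephemeral_keypair()
    b_priv, b_pub = ephemeral_keypair()
    return session_mac_key(a_priv, b_pub), session_mac_key(b_priv, a_pub)


if __name__ == "__main__":
    alice_key, bob_key = run_session()
    msg = b"meet at noon"          # constructed sample message
    mac = tag(alice_key, msg)
    print("Bob accepts Alice's message:", verify(bob_key, msg, mac))
    print("Tampered message accepted:", verify(bob_key, b"meet at nine", mac))
    # Deniability: Bob holds the same key, so he can produce a valid tag for
    # text Alice never sent. A third party cannot tell who made either tag.
    forged = tag(bob_key, b"I never wrote this")
    print("Bob-made tag verifies under Alice's key:",
          verify(alice_key, b"I never wrote this", forged))
    # Forward secrecy: the next conversation derives an unrelated key.
    print("New session reuses key:", run_session()[0] == alice_key)
```

Because the MAC key exists only for the length of a conversation and is derived from discarded secrets, a later compromise of a long-term key gives an attacker nothing with which to recompute it.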
Check the image below to see what happens when OTR is not on.