Cyber Resistance

Information Security Blog

Off the Record (OTR) encryption protocol

OTR is an encryption protocol that protects against eavesdropping by hackers or other unwanted outsiders. Commercial applications like Skype, WhatsApp and MSN have encryption that is easy to crack, but it seems near impossible to crack OTR, according to some sources close to the NSA.

Before I start writing any more, I do not urge people with bad intentions to use this program, but I am a 100% supporter of a free internet without the constant fight for freedom as a citizen. We all know that privacy and the internet do not go together anymore, but there are still ways to secure your communications. I just hope the governments focus on real threats instead of spying on the whole global population… so far, my two cents.

What does OTR do?

  1. OTR encrypts all messages from beginning to end, no-one will be able to read the contents.
  2. OTR requires your “chat-buddy” to authenticate himself, so you know you have the right person.
  3. OTR features Perfect Forward Secrecy (PFS)

PFS in particular makes OTR very powerful. PFS makes sure every chat is encrypted with a one-off temporary key. So if your laptop gets stolen, your chat history or future chat sessions cannot be decrypted any more.

OTR has been a favorite in the world of cryptography for a while now. At the hacker congress 31C3 in Hamburg, two journalists revealed that the security agencies in the United States call cracking its cryptography problematic.

OTR can be used in combination with many existing chat clients such as AOL, MSN, Google Talk, Yahoo and even ICQ. It works on your laptop, smartphone and tablet. OTR is a network-agnostic protocol: it can be used independently of the program, laptop or network on which you use it.

OTR is a form of encryption that is among the easiest to learn to understand.

If you want a way to secure your chats, you need to involve other people as well. Only this way can the network of people grow, and a service like this could become more successful than Facebook Messenger, Skype, WhatsApp and Google Talk.

Enthusiasts of OTR can set up their own secure chat channel and then urge other people to join it. But like all things, you have to invest some time to get it to work. OTR is quite easy, but nothing happens by itself.

To use OTR you need a chat program. For a Linux or Windows user this is preferably Pidgin. Download Pidgin. If you are a Mac user, then Adium is the best choice. Download Adium.

If you want to use your smartphone or tablet, then ChatSecure from the Guardian Project is the best choice. Look for its application in either the Google Play Store or Apple's App Store.

For an overview of all chat programs that support OTR, check out this Wikipedia page.

All these chat programs are made by small teams of programmers, therefore they can appear “raw” and not as user-friendly as the commercial programs you are used to. But all of them are under development, and there is a lot of good documentation online if you have a question.

Adium and ChatSecure have OTR built in; with Pidgin you need to download an extra plugin.

Download that plugin here.

Please note that if you want to chat securely, not only you but also your friends need to use a chat client that enables OTR.

Going dark

If you and your chat partner have installed a chat client that enables OTR, you can start to enable or activate OTR. Every program works differently, but encryption is often displayed as a lock symbol. Find this symbol and click on it.

The first time you do this, it will generate a key and a unique fingerprint. The key is meant to encrypt your messages; this key will change with every (chat) session. Your fingerprint remains the same; the fingerprint is used to identify you as a person.

For instance my own fingerprint is F25DB6FA Q79287 56 876D8818 4PA99CY3 CB807EE3

This fingerprint is unique to me. If you would like to chat with me, you could compare this fingerprint within your chat app to verify it is me you are talking to. If both parties have checked these fingerprints, you are sure you are talking to the right person and not my evil twin brother in Soviet Russia…
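The two ideas above, a per-session key that changes and a fingerprint that stays the same, shown side by side in an added example that is not taken from any OTR client. It assumes a toy Diffie-Hellman group (`P`, `G`) that is far too small for real use, models the fingerprint as a SHA-1 hash of the long-term public key, and uses constructed sample bytes in place of a real key.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group for illustration only (assumption, not OTR's real
# parameters): 2**127 - 1 is prime but far too small for real use.
P = 2**127 - 1
G = 3


def fingerprint(long_term_public_key: bytes) -> str:
    """Hash the long-term public key; show it as five groups of eight hex digits."""
    digest = hashlib.sha1(long_term_public_key).hexdigest().upper()
    return " ".join(digest[i:i + 8] for i in range(0, 40, 8))


def fingerprints_match(shown: str, trusted: str) -> bool:
    """Compare the fingerprint the client shows with one obtained out of band."""
    a = "".join(shown.split()).upper()
    b = "".join(trusted.split()).upper()
    hexdigits = set("0123456789ABCDEF")
    if len(a) != 40 or len(b) != 40 or not set(a + b) <= hexdigits:
        return False  # malformed input never counts as verified
    return hmac.compare_digest(a, b)


def new_session_key() -> bytes:
    """One chat session: fresh ephemeral secrets on both sides, then discarded."""
    x = secrets.randbelow(P - 3) + 2   # your one-off secret
    y = secrets.randbelow(P - 3) + 2   # your buddy's one-off secret
    gx, gy = pow(G, x, P), pow(G, y, P)  # the only values sent over the wire
    shared_you = pow(gy, x, P)
    shared_buddy = pow(gx, y, P)
    if shared_you != shared_buddy:
        raise RuntimeError("key agreement failed")
    # x and y go out of scope here; nothing stored on disk can rebuild the key.
    return hashlib.sha256(shared_you.to_bytes(16, "big")).digest()


if __name__ == "__main__":
    identity_key = b"constructed-long-term-public-key"  # sample bytes, not a real key
    print("fingerprint :", fingerprint(identity_key))
    print("session 1   :", new_session_key().hex())
    print("session 2   :", new_session_key().hex())
```

Running it prints the same fingerprint every time and a different key for each session. In a real client the long-term key also signs the exchanged values, which is what ties the session to the fingerprint you verified.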

OTR is fueled by a group of volunteers. They are currently working on a new version of OTR in which groups of people can talk to each other securely. They are also working on a function that lets you receive messages while you are offline, like WhatsApp for instance.

Those two functions are still missing. If these functionalities are added, it will become an alternative to all mainstream programs and services that are run by corporate American companies like Microsoft or Google.

If you care about your privacy and that of people in your circle, then OTR is certainly a good way to protect it. And as with all free IT services: if it's free, then you're the product…


Cyber Resistance © 2017 Frontier Theme