[funsec] Some Good Advice: OTR - Secure Chat

Paul Ferguson fergdawg at netzero.net
Mon Nov 26 01:09:01 CST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I mentioned this on another list, and neglected to mention it here.

If you've already heard or (and use) OTR, then please disregard. :-)


[snip]

Off-the-Record (OTR) Messaging allows you to have private
conversations over instant messaging by providing:

- -Encryption
 No one else can read your instant messages.

- -Authentication
 You are assured the correspondent is who you think it is.

- -Deniability
 The messages you send do not have digital signatures that are
 checkable by a third party. Anyone can forge messages after a
 conversation to make them look like they came from you. However,
 during a conversation, your correspondent is assured the messages
 he sees are authentic and unmodified.

- -Perfect forward secrecy
 If you lose control of your private keys, no previous
 conversation is compromised.

[snip]

For what its worth, The AIM/ICQ plug-in works wonderfully for
Trillian. :-)

More:
http://www.cypherpunks.ca/otr/

FYI,

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFHSnELq1pz9mNUZTMRAqQEAJ9KVHd5fpT78UPH1uOMvS0kerIpaACgsytd
P/MwmrqwAeipDXAJh1X5qtU=
=T+aB
-----END PGP SIGNATURE-----


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/




More information about the funsec mailing list