This is a sequel to my earlier post Beginners’ Guide to PGP which was the first in a series of posts aimed at introducing new bitcoiners to various encryption technologies. In this post we’re going to teach you how to use Off-the-Record messaging (OTR).
So what is OTR? Like PGP, it’s a cryptographic protocol designed to provide strong encryption of your communications. However, it shouldn’t be considered a competitor or replacement for PGP, more like a welcome complement. Where PGP is often used to encrypt emails and files and to authenticate messages with digital signatures, OTR is an encryption protocol for real-time chat. And unlike PGP, which can be a little daunting to learn and use securely, OTR is quite easy to set up and use and provides a pretty good user experience.
Under The Hood
Before showing you how to use it, let’s take a look under the hood. If you recall from the last post, PGP uses public-key cryptography. That is, one key (a public key) is used to encrypt a message and a separate key (the private key) is used to decrypt it. OTR, on the other hand, uses symmetric key cryptography where the same key is used to both encrypt and decrypt messages.
The first question is how the encryption key is communicated to both parties. After all, the whole reason you’re encrypting your communications is because your communication channel is insecure. You can’t exactly send your encryption key over Facebook messenger. To solve this problem OTR uses the Diffie-Hellman key exchange algorithm. In short, two parties are able to exchange secret keys in such a way that they can derive a shared AES (Advanced Encryption Standard) key that is impossible for an eavesdropper to decipher. The following diagram conveys the general idea.
Of course real world Diffie-Hellman doesn’t use paint, but rather some complex math that relies on the difficulty of discrete logarithm problems.
The benefit of this protocol is that it provides both perfect forward secrecy as well as deniability. By perfect forward secrecy we mean that the compromise of any long-lived keys would not allow an attacker to decrypt past messages, even if he’s in possession of the ciphertext. This is because the protocol uses new keys for each message.
And since OTR doesn’t use digital signatures, it’s impossible for someone to prove that your message wasn’t forged. Using proper authentication methods, you can make sure the message wasn’t forged, but no one else can.
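The exchange and the two properties above, as an added example that is not from the original post: it runs Diffie-Hellman over the 1536-bit RFC 3526 group with generator 2 (the group the OTR specification uses), derives fresh keys per session, and shows that the MAC on a message can be reproduced by either party, which is where the deniability comes from. The function names and key-derivation labels are assumptions for illustration, not OTR's wire format.

```python
import hashlib
import hmac
import secrets

# 1536-bit MODP group from RFC 3526 with generator 2, the group OTR's DH uses.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
    "83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF",
    16,
)
G = 2

def dh_keypair():
    """Fresh ephemeral pair: secret exponent x and public value g^x mod p."""
    x = secrets.randbits(320)
    return x, pow(G, x, P)

def session_keys(my_secret, their_public):
    """Both sides reach the same g^(ab) and hash it into an AES key and a MAC key."""
    if not 2 <= their_public <= P - 2:   # reject degenerate public values
        raise ValueError("bad DH public value")
    shared = pow(their_public, my_secret, P).to_bytes(192, "big")
    # Labels "enc"/"mac" are assumptions for this example, not OTR's own KDF.
    enc = hashlib.sha256(b"enc" + shared).digest()[:16]   # AES-128 key
    mac = hashlib.sha256(b"mac" + shared).digest()
    return enc, mac

def tag(mac_key, message):
    return hmac.new(mac_key, message, hashlib.sha256).digest()

def run_session(message):
    """Return (keys agree, Bob can reproduce Alice's tag, AES key)."""
    a, A = dh_keypair()   # only A and B cross the insecure channel
    b, B = dh_keypair()
    a_enc, a_mac = session_keys(a, B)
    b_enc, b_mac = session_keys(b, A)
    alice_tag = tag(a_mac, message)
    # Bob holds the same MAC key, so the tag convinces him but proves nothing
    # to a third party: he could have computed it himself.
    bob_tag = tag(b_mac, message)
    return a_enc == b_enc, hmac.compare_digest(alice_tag, bob_tag), a_enc
```

Calling `run_session` twice yields unrelated AES keys, because each call discards its exponents; a key captured from one session does not open another.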
Finally, just like with PGP, there are no known feasible attacks on any of the algorithms used in OTR: Diffie-Hellman, AES, SHA1. That doesn’t mean someone won’t find one in the future, but for right now it’s solid.
How To Use It
OTR can be used over any internet chat protocol: AIM, Google Talk, Yahoo Messenger, etc. In my experience people find it most convenient to use it with Facebook messenger. This way you can use it with all of your existing Facebook friends and you don’t need to create a whole new buddy list. So how do you do it? The first thing you need to do is download a chat client that is OTR compatible.
I use Pidgin on Linux and ChatSecure on my Android. Pidgin is available on Linux, Windows, and OS X. Mac users can also use Adium although, having never used it, I can’t vouch for it. ChatSecure is available for both iPhone and Android and can be downloaded directly from iTunes or the Play store.
Setting up Pidgin with Facebook messenger is easy. Visit the Facebook URL below and click Pidgin at the bottom of the page. It will show you exactly how to set up Pidgin.
A similar process is used on ChatSecure. Before you can use OTR you must activate the OTR plugin. Pidgin comes packaged with the OTR plugin pre-installed, but by default it isn’t activated. To activate it just click Tools>>Plugins and place a check next to Off-the-Record Messaging.
That’s it! Easy. You’re now set up to chat securely with your Facebook friends. Of course, you have to convince them to set up OTR as well, but that isn’t terribly difficult to do. To start an encrypted chat just click the “Not private” button in the chat window and then “Start private conversation”. Assuming your partner also has OTR running, the software will automatically perform the OTR handshake and encrypt your messages. The cool part is when you go back into Facebook after an encrypted chat session, this is what you see…
The final thing you need to do to guarantee a secure connection is to authenticate your communication partner. While you don’t technically have to authenticate, as OTR will do its thing regardless, failure to do so could potentially open you up to a man-in-the-middle attack. This is an attack where you end up performing the OTR “handshake” with an attacker instead of your communication partner. The attacker could eavesdrop on your communications while forwarding them to your partner, making you think your chat session is secure. There are two ways to authenticate and prevent this from happening.
- You can compare fingerprints with your partner. Just like PGP, your encryption keys have fingerprints that look like this:
2674D6A0 0B1421B1 BFC42AEC C56F3719 672437D8
Of course, you cannot compare these over OTR, that would defeat the point. You need to find some other communication channel such as a telephone, video chat, in person meeting, etc.
- To avoid the inconvenience of comparing fingerprints over a separate channel, OTR incorporates a socialist millionaire protocol, which allows you to present a challenge question to your partner and mathematically verify the answer without actually sending the answer over the internet.
For example, you might ask your partner, “What did you order to eat when we had lunch on Monday?” As long as you both know something about each other that the NSA spook listening in doesn’t, then you can use this method to authenticate your partner. Once you’ve authenticated someone, you never have to authenticate again so long as you don’t lose control of the encryption keys (like in a computer crash for example).
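The arithmetic behind that challenge question, as an added example that is not from the original post: a stripped-down socialist millionaire comparison over the same 1536-bit RFC 3526 group. It assumes both sides follow the protocol honestly; real OTR also attaches zero-knowledge proofs to each message and mixes the key fingerprints and session ID into the hashed secret, which are left out here. Function names and the answer normalisation are assumptions.

```python
import hashlib
import secrets

# 1536-bit MODP group from RFC 3526, generator 2; Q is the order of G's subgroup.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
    "83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF",
    16,
)
Q = (P - 1) // 2
G = 2

def secret_to_int(answer):
    """Hash the typed answer (normalised, an assumption) into a number."""
    data = answer.strip().lower().encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def rand_exp():
    return secrets.randbelow(Q - 1) + 1   # uniform in 1 .. Q-1

def smp_equal(alice_answer, bob_answer):
    """True iff the answers match; only blinded group elements are exchanged."""
    x, y = secret_to_int(alice_answer), secret_to_int(bob_answer)
    # Two DH exchanges build generators g2 and g3 that neither side chose alone.
    a2, a3, b2, b3 = rand_exp(), rand_exp(), rand_exp(), rand_exp()
    g2a, g3a = pow(G, a2, P), pow(G, a3, P)       # Alice -> Bob
    g2b, g3b = pow(G, b2, P), pow(G, b3, P)       # Bob -> Alice
    g2, g3 = pow(g2a, b2, P), pow(g3a, b3, P)     # Bob's view
    assert g2 == pow(g2b, a2, P) and g3 == pow(g3b, a3, P)   # Alice's view
    # Each side blinds its answer with a fresh random exponent.
    r, s = rand_exp(), rand_exp()
    Pb, Qb = pow(g3, r, P), pow(G, r, P) * pow(g2, y, P) % P   # Bob -> Alice
    Pa, Qa = pow(g3, s, P), pow(G, s, P) * pow(g2, x, P) % P   # Alice -> Bob
    # Each side raises Qa/Qb to its own g3 exponent.
    ratio = Qa * pow(Qb, -1, P) % P
    Ra = pow(ratio, a3, P)                        # Alice -> Bob
    Rab = pow(Ra, b3, P)
    # Rab = (Pa/Pb) * g2^((x-y)*a3*b3), which equals Pa/Pb only when x == y.
    return Rab == Pa * pow(Pb, -1, P) % P
```

On a mismatch the transcript looks random to both sides, so a wrong guess tells the guesser only that the guess was wrong.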
So that’s it! Pretty simple. Now that you know how to use OTR, there’s really no excuse for sending messages in the clear.
Original content by Chris, copyleft, tips welcome