Off-the-Record Messaging – encrypt your instant messages (cypherpunks.ca)
139 points by prajjwal on June 15, 2013 | hide | past | favorite | 33 comments



I am the original author of ChatSecure [1], the only free and open source OTR client for iOS devices. We also released an Objective-C wrapper around libotr called OTRKit [2] to help other developers integrate their apps with the OTR protocol. Gibberbot [3] is the equivalent program for Android devices, both of which are currently supported by The Guardian Project.

1. https://github.com/chrisballinger/Off-the-Record-iOS

2. https://github.com/ChatSecure/OTRKit

3. https://github.com/guardianproject/Gibberbot


Does ChatSecure handle conversations moving from desktop to phone?

I have an Android phone with Gibberbot, so it's an academic question, but that very scenario has been a pain for me.

Do you think the upcoming work on multi-party OTR helps solve this problem?


OTRv3 [1] has been designed to somewhat help the problem of differing instances and has been available since libotr 4.0.0, but in practice I haven't found a good way to solve the UI/UX problem in a user friendly way. The latest beta builds of Gibberbot support the transfer of private keys from desktop to mobile, but I haven't tested it, or how well it works to transfer a conversation from one device to another.

mpOTR [2][3] is designed to solve a different problem, and I believe development has been stalled because the current design doesn't allow chatrooms to scale to large numbers of people.

1. http://www.cypherpunks.ca/otr/Protocol-v3-4.0.0.html

2. http://www.cypherpunks.ca/~iang/pubs/mpotr.pdf

3. https://github.com/cryptocat/mpotr


How can we verify that the app on the App Store was compiled with the github source? (So all the code can be examined.)


You could theoretically clone the source, check out the release tag, compile it, and then compare the checksum of the binary of the .app file, but I'm not sure if that would even generate the same exact file or not. You might also need a jailbroken device to decrypt and extract the App Store binary.

If you really want super paranoid level security, communicating digitally is probably not your best bet anyway.

Here's the SHA1 checksum of the compiled binary from the latest release (2.0):

f9347ae51c3276f4b34fba0be7c0648f20c8c11e /Applications/ChatSecure.app/ChatSecure


> super paranoid level security

Considering the fact that Apple is in the NSA wiretapping program and involved in secret tracking [1], don't you think it's unfair to call someone who's asking a way to verify if Apple isn't messing with the code "super paranoid"?

[1] https://en.wikipedia.org/wiki/IPhone#Secret_tracking


There's no easy way. Even if you do verify it, there's no guarantee Apple won't push an update with a backdoor because NSA asked them to.

That's why it's better to use Crypto.Cat - its source is the executable. Verifying the hash is enough to make sure the source code didn't change.


Even then, Apple could just keylog certain applications at the OS level, cryptocat and unmodified-binary ChatSecure included.


Yes. Unless you're running an open-source OS and open-source hardware (and trust the manufacturer and the compiler), you are not safe.


Though it's a lot easier to compel Apple to silently push a wiretap update to a handset than to have, several months/year ago, engineered a secret backdoor into a chipset...

You've gotta draw the line somewhere (unless you're rms). I would venture to say an open source OS and applications on worldwide-deployed hardware in the hundreds of millions count is probably safe enough for my purposes.


I would love to use Crypto.cat, but there is not a mobile app yet. When there is a mobile app it will have the same problem.


Why don't you charge for your iOS app? Is it because you expect that somebody would recompile the sources and charge less? You still have to worry about fraudsters.


ChatSecure will always remain free of charge to ensure that everyone in the world has unrestricted access to privacy technology. The project is mostly funded by very generous grants, so there is no need to "monetize" the project.

The amount of money we could make by selling the app directly to users wouldn't even begin to support the actual cost of producing and supporting the software.


I know it's not necessarily an accurate selling value of the application, but you could just charge $.99. That would probably head off a lot of the recompilers by making it not-so-worth-it. You never know, though. People will try anything.


See my response to parent here: https://news.ycombinator.com/item?id=5886613


Thank you for writing this. Do you have a bitcoin donation address with which we can compensate you for your time and service?

I still don't trust it, as the binaries come via the App Store (and without paying another $100 I can't build/install them myself), but it's good that someone's taken the first steps.


You can install on your device if you jailbreak. But you should be using android if you want that kind of control anyway.


I don't want that kind of control, I just want to be able to install software of my choosing. All of the rest of "that kind of control" is time-wasting folly.


This is a nice technology, but if it is really supposed to protect you from a serious threat, you first need to define who your adversary is and how strong his capabilities are.

For example, if your adversary is some big national agency and you are chatting this way, but both of you don't anonymize yourselves properly, you could just raise suspicion [since most people don't chat encrypted] and more surveillance can be deployed against you.

To sum it up, the technology is good, but if it should be used for more than an exercise, it must be combined with other protection.


Here is the article I read about this issue: http://grugq.github.io/blog/2013/03/12/anonymity-is-hard/

"Hiding anomalous activity is hard, but vitally important. The problem with many security systems based purely on secrecy is that their usage is itself anomalous. It singles out and attracts attention to the users. If the adversary doesn’t know who those users are initially, they can cross correlate real world data with the suspicious activity and narrow their focus to real people."


This is how I use it. It's always there, it's always encrypted, so nothing about my behavior will ever appear to change based on my IM traffic.


Make sure you actually authenticate the key fingerprints. Note, doing this over video chat (if you know what the other person looks like and sounds like) with a fresh key pair is a decent way.*

* Assuming you believe no one has the resources to impersonate your chat partner in near real time.


Or you can use the Socialist Millionaires' Protocol to exchange secret questions and answers that only both of you know: http://www.cypherpunks.ca/otr/help/authenticate.php
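
A worked walkthrough of the Socialist Millionaires' Protocol exchange mentioned above, for readers who want to see what the "shared secret answer" authentication (as opposed to comparing fingerprints by hand) actually computes. This is an added example, not code from libotr, ChatSecure or the linked help page. Two assumptions are labelled in the code: a small constructed safe-prime group stands in for OTR's 1536-bit MODP group, and the zero-knowledge proofs that real SMP attaches to every message (so a cheating party cannot send malformed values) are omitted; the message flow and the algebra are OTR's.

```python
"""Toy walkthrough of the OTR Socialist Millionaires' Protocol (SMP).

Added example, not code from libotr or the linked page.  Simplifications,
labelled: a constructed small safe prime instead of OTR's 1536-bit MODP group,
and the zero-knowledge proofs of exponent knowledge that real SMP attaches to
every message are omitted.  The four-message flow and the algebra are OTR's.
"""
import hashlib
import secrets

# Constructed toy group: safe prime p = 2q + 1 and a generator g1 of the
# order-q subgroup (4 is a quadratic residue mod 1019, so it has order q).
# OTR uses the 1536-bit MODP prime with g1 = 2.
P = 1019
Q = 509
G1 = 4


def secret_from_answer(answer: str) -> int:
    """Reduce a shared answer to an exponent mod q.  Real OTR hashes the
    answer together with both fingerprints and the session id."""
    return int.from_bytes(hashlib.sha256(answer.encode()).digest(), "big") % Q


def rand_exp() -> int:
    """Uniform random exponent in [1, q-1]."""
    return secrets.randbelow(Q - 1) + 1


def smp(x: int, y: int) -> tuple:
    """Run SMP between Alice (secret x) and Bob (secret y), both in [0, q-1].
    Returns (alice_result, bob_result); each is True iff x == y mod q."""
    # Message 1, Alice -> Bob: g1^a2, g1^a3
    a2, a3 = rand_exp(), rand_exp()
    g2a, g3a = pow(G1, a2, P), pow(G1, a3, P)

    # Message 2, Bob -> Alice: g1^b2, g1^b3, Pb = g3^rb, Qb = g1^rb * g2^y
    b2, b3 = rand_exp(), rand_exp()
    g2b, g3b = pow(G1, b2, P), pow(G1, b3, P)
    g2_bob, g3_bob = pow(g2a, b2, P), pow(g3a, b3, P)   # Bob's view of g2, g3
    rb = rand_exp()
    Pb = pow(g3_bob, rb, P)
    Qb = pow(G1, rb, P) * pow(g2_bob, y, P) % P

    # Message 3, Alice -> Bob: Pa, Qa, Ra = (Qa/Qb)^a3
    g2_alice, g3_alice = pow(g2b, a2, P), pow(g3b, a3, P)  # Alice's view
    assert (g2_alice, g3_alice) == (g2_bob, g3_bob)  # both derive the same g2, g3
    ra = rand_exp()
    Pa = pow(g3_alice, ra, P)
    Qa = pow(G1, ra, P) * pow(g2_alice, x, P) % P
    Ra = pow(Qa * pow(Qb, -1, P) % P, a3, P)

    # Message 4, Bob -> Alice: Rb = (Qa/Qb)^b3.  Bob checks Ra^b3 == Pa/Pb.
    # Qa/Qb = g1^(ra-rb) * g2^(x-y), so (Qa/Qb)^(a3*b3) = g3^(ra-rb) * g2^((x-y)*a3*b3),
    # which equals Pa/Pb = g3^(ra-rb) exactly when x == y (mod q).
    Rb = pow(Qa * pow(Qb, -1, P) % P, b3, P)
    pa_over_pb = Pa * pow(Pb, -1, P) % P
    bob_ok = pow(Ra, b3, P) == pa_over_pb

    # Alice performs the symmetric check: Rb^a3 == Pa/Pb
    alice_ok = pow(Rb, a3, P) == pa_over_pb
    return alice_ok, bob_ok


if __name__ == "__main__":
    print("matching answers:", smp(secret_from_answer("red"), secret_from_answer("red")))
    print("different secrets:", smp(7, 8))
```

The point of the construction is the last step: a mismatch leaves Bob holding `g2^((x-y)*a3*b3)`, a group element that tells him nothing about `x` beyond "not equal to my guess", so an impostor on the other end gets one guess per run and nothing else. That is why the help page can treat a passed SMP run as fingerprint verification without either party ever reading a fingerprint aloud.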


Personally I find all OTR 'apps' inconvenient. Keys always change. Clients aren't compatible across platforms. You end up just clicking "ok" all the time to untrusted conversations because else you just can't talk to the other party.

I like gpg-based chats better for that reason, people tend to keep the same key.. it works more or less everywhere (except phones somehow) AND.. if you trust their keys you don't have anything to do, it just works, regardless of being IM, email, or whatever else. One trust db. Not 100.


GPG for chat (at least XEP-0027) is much, much less secure than OTR. You have no authentication of received messages, no defense against replay attacks or dropped messages, no perfect forward secrecy. In my opinion, support for it should be removed because it endangers people who think it is secure.

I would like to see an automatic way to use GPG to sign OTR keys, though. You can create a message "My OTR fingerprint is abcdef..." and sign that, but it would be nice if clients did that automatically. Or maybe even use the GPG key itself instead of the OTR key...


I publish my OTR public key fingerprint on the front page of my website, which is itself signed using my private PGP key. On that same page, I provide links to DDG searches of my fingerprints so people can see the multitude of places that it has been indexed. It gets indexed in a lot of places because I am active on several public mailing lists and the fingerprint is included in the signature of all my emails. All of my emails are signed using the same PGP key as the front page of my website.

https://grepular.com/

EDIT: I just remembered, my HN profile also contains my OTR fingerprint, and is signed using my PGP key.


A tip for anyone using this as a plugin for Pidgin: generating the keys usually takes a lot of processing power, and needs to be done once per account in Pidgin. The generating process triggers the first time you start messaging someone that also uses OTR with that account, which is often an inconvenient time (as you don't always know they use OTR beforehand). You can trigger the key-generation for an account via the plugin preferences of OTR, that way you can get that part done while you're not chatting.


I really hope the current work on irssi-otr will improve some things: https://github.com/cryptodotis/irssi-otr

Some bugs in the old 0.3 release are quite annoying.


Sadly this breaks down horribly the moment you have multiple clients open in parallel (e.g. desktop and laptop).


Have you tried recently? libotr version 4.0 (released last year) added handling of this very issue. Both parties need to be running >=4.0, but it shouldn't break down horribly in this scenario.


I did indeed try with adium about a month ago. Don't know if adium hasn't updated libotr yet or if my buddy had an older client.

He ended up having to block me on AIM because my adium instance at home went into a resend-frenzy while I wasn't even at home...


Isn't Blackberry Messenger secure? It'll be on Android and iOS soon.


I don't see how it can be if you aren't supplying your own keys.



