Internet Communications Security/Instant Messaging
Add or edit subsection:
|Section of||Internet Communications Security|
- Last modified: 6 August 2013 17:18:20
- русская версия
- Russian version: Обмен мгновенными сообщениями
- Last modified: 6 August 2013 17:18:21
Instant Messaging is a very popular common way of communicating with friends and colleagues. However it is incredibly vulnerable to the world of Internet surveillance, password sniffing and impersonation. Secure IM uses similar principles to secure email for establishing private conversation.
Installation & configuration
Standard install of Pidgin client. Alternatively you can run the portable version with the plug-in already installed and configured. Add the participants Google account into Pidgin, making sure that SSL connections are forced.
Pidgin does not support audio or video capabilities.
Notes for later addition
Demonstrate how to add, authorise buddies in Pidgin and let the participants register each other, initiate IM sessions between each other. Security features such as chat logging, remembering the account password, privacy settings. How to add additional accounts for different IM protocols.
Trainer's notes: The next exercise will require people to chat with each other, so participants in the class need to add each other to contacts.
Off the Record Messaging
Generate a key for this identity. Examine its fingerprint. Discuss and demonstrate how to lead secure, and authenticated chats with OTR. Participants should engage in secure and authenticated chats with the trainer and each other. Attempt file sharing over an encrypted channel.
- OTR does not support group chats.
- You could demonstrate message security by showing network sniffing tools (e.g. wireshark) to demonstrate the encryption. Alternatively you could demonstrate the Pidgin+OTR conversation in Google Talk window where the messages will appear scrambled.