The Shœstring Foundation Weblog

The Shœstring Foundation Weblog, Miscellaneous Byproducts

Matthias Bauer
bauerm (at) shoestringfoundation · org
reop pubkey

Subscribe to a syndicated feed of my weblog, brought to you by the wonders of RSS.

Blosxom Logo

Wed, 17 Jul 2013

Off-the-Record Internet Relay Chat

As everybody but the worst conspiracy theorist knows, everything sent over the Internet is recorded and can be used against us (the buzzing noise you're hearing is an armed drone circling the building).

Encrypting e.g. Internet Relay Chat a la PGP would protect the message on the wire from eavesdropping. But if the message is recorded (which it is), then a compromise of the involved secret keys would allow decryption at a later date. And since thorough inspection of laptops at airports is routine, we can assume that keys do get compromised now and then. With classical public key crypto, the potentially incriminating content is also digitally signed, so it can be used as a strong evidence against the utterer.

Can we make conversations on the Internet more like private conversations, which are not normally recorded and where utterances are not signed? This was answered to the affirmative in Borisov, Goldberg and Brewer's paper Off-the-Record Communication . And there's an implementation.

A working constellation for OTR conversation on IRC consists of

  1. a pure Python implementation of OTR in the module python-potr
  2. weechat IRC client
  3. Python plugin for weechat
  4. script which adds a /OTR command to the standard IRC commands, to initiate OTR conversations etc.
There're other clients supporting OTR, e.g pidgin and irssi as packaged for various linux distributions.

For private conversations on IRC I would strongly suggest using OTR.

[/projects] permanent link