houseforge recommendation December 2007: Protection

ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > General Software Discussion

<< < (3/6) > >>

gjehle:
Messages are encrypted before sending, and are decrypted before displaying them to the user. So, again, the evil MIM (man in the middle) cannot peep in to find out what you are talking about.-housetier (December 13, 2007, 05:35 AM)
--- End quote ---

i just want to point out some important details

neither mircryption, fish, nor otr are safe from a man in the middle (MITM) attack.
same holds true for pgp, and therefor gnupg.
the wikipedia article mentions OTR as a counter measure against mitm, this is not true

this is not a problem with the encryption itself, but with the way keys are exchanged / agreed upon.

fish and mircryption use (can use) DH1080 (which is straight forward diffie-hellman key agreement) to exchange secrets.

to work around mitm attacks one has to establish a truly secure channel to exchange secrets, or part of a secret.
for instance, meet in person and exchange keys in a safe/secure environment.

to make it more difficult for eavesdroppers one can use multiple weak security channels to transmit parts of the secret
with the intend of making the exchange happen in so many places at once, that it's too complicated to wiretap all channels.

anyways, nice article housetier!
and to everyone: protect your privacy!

gjehle:
Hmmm, can we get Microsoft to use encryption in Windows Live Messenger? (That would be the only way to have encrypted communications with ALL my contacts in MSN).-Lashiec (December 17, 2007, 07:09 AM)
--- End quote ---

use pidgin
i use pidgin for all my IM contacts, specifically: icq, aim, yahoo, msn, jabber
should work also with miranda, or, if you like it non-free: trillian

housetier:
Hmmm, can we get Microsoft to use encryption in Windows Live Messenger?
-Lashiec (December 17, 2007, 07:09 AM)
--- End quote ---

I dunno what you can do to make Microsoft do anything, but you can use miranda and its plugins for OTR and GnuPG.

Lashiec:
Yes, but what I was talking about is what housetier mentioned: if the other part doesn't use the plugin, you can't encrypt the information you're sending as well. Practically all my friends use WLM, except one who uses aMSN, and another who uses Adium (when he's on the Mac, anyway), and WLM is not exactly the privacy champion, more the opposite <_<

I use Miranda for everything, so no problem there :)

gjehle:
Yes, but what I was talking about is what housetier mentioned: if the other part doesn't use the plugin, you can't encrypt the information you're sending as well. Practically all my friends use WLM, except one who uses aMSN, and another who uses Adium (when he's on the Mac, anyway), and WLM is not exactly the privacy champion, more the opposite <_<

I use Miranda for everything, so no problem there :)
-Lashiec (December 17, 2007, 07:24 AM)
--- End quote ---

if they value privacy, they will switch to a client that allows more security.

there is also OTR support for adium.

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version