• This forum actively discusses syntheses of psychoactive substances. Our forum is engaged in a research activity and does not encourage anyone to produce, distribute or use drugs! If you are less than 18 years old, leave BB forum immediately!

How to create encrypted conversations in Jabber using OTR

HEISENBERG

Administrator
Staff member
ADMIN
Joined
Jun 24, 2021
Messages
1,263
Reaction score
512
Points
113
2021 08 24 12 04


For many years of good work, the Jabber protocol has managed to prove itself as one of the most convenient methods of secure data exchange. Its architecture allows you to efficiently hide correspondence from prying eyes and, with the right settings, it almost excludes the possibility of data interception by third parties. In this step-by-step guide, you will learn how to use Jabber technology to secure your online communication.

Why use Jabber?​

Jabber is a next-generation fast messaging system based on the open XMPP protocol that has extensive encryption capabilities. The network has a decentralized structure: it does not belong to anyone and consists of many servers that anyone can open if they want — be it a large company or a lone enthusiast. At the same time, disruptions in the operation of one of the servers will not affect the correct operation of the entire network in any way.

Another advantage of the protocol is its extensibility: if desired, new functions can be added to Jabber without impacting compatibility with old programs. In addition, the use of this messaging system is free.

Step 1: installing the Jabber client.​

To use the protocol, you need to download and install one of the clients on your device. The most popular of them are: Pidgin, Psi +, Adium and Xabber. A complete list of services for using the Jabber network can be found here.

We'll describe installing the Pidgin client on an Ubuntu platform. The Pidgin package is available in the standard Ubuntu repository. (To install it on other operating systems, we should go to the official website of the project and download the installation file).

It is better to make sure all system packages are up-to-date before proceeding with the installation. To do this, open a terminal (Ctrl + Alt + T) and enter the command as follows:

sudo apt update
sudo apt upgrade

Now we may proceed to installation of Pidgin. To do this, we enter the following command:

sudo apt install pidgin

After these steps, the Pidgin client will be installed on your device. Now you need to forward its traffic through the Tor network.

2021 08 24 12 05


This can be done in the registration window in the «‎Proxy»‎ tab.

After launching the Tor browser and client, in the settings you need to find the item «‎Proxy»‎ and put a check in front of the item «‎Use remote DNS with SOCKS4 proxy», and in the item «‎Proxy type»‎ you need to select «‎Tor / Privacy (SOCKS5)»‎.

Next, in the «‎Node«»‎ item, specify 127.0.0.1 and select port 9150. This is the standard Tor port, although a variation of 9050 is sometimes found.

Now, before launching the client, for its correct operation, you need to launch the Tor browser!

Step 2: Registration of an account and setting up the encryption.​

To create an account, you should go to the «‎Add an account»‎ item, after which the registration field will be open for you. There you need to select the protocol (XMPP), come up with a name and decide on the server that you will use.
2021 08 24 12 06


It is better to choose servers whose owners declare that they do not keep logs. And although it is impossible to verify this, there are still some criteria for selection. Best of all is to give preference to countries where it is prohibited by law to collect logs. It is better not to select servers, registered in the EU, USA as well as in the country where you live.

Next, we come up with a strong password for the account. Now you can go to the encryption settings.

There is no strong encryption in XMPP by default, but it can be easily added. First, let's look at the popular and easy-to-use OTR algorithm. It provides a high level of security, but while using it, messages in the logs are being not encrypted, so for reliability it is better to disable them.

To configure OTR encryption, in the «‎Tools‎»‎ item, select «‎Plugins» ‎and activate the Off-the-Record (OTR) plugin.

Next, we need to configure this plugin. To accomplish this, at the very bottom of the list of plugins, click «‎Configure Plugin»‎. In the module settings window, we first need to generate a key for our account. Select the account for which you want to create a key, and click «‎Create»‎. The key generation window will appear. When the work is over, press Ok and you will see your «‎fingerprint»‎ of forty characters.

The following items should be ticked in checkboxes:

• Enable private messaging.

• Automatically initiate private messaging.

• Require private messaging.

• Don’t log OTR conversations.

• Show OTR button in toolbar. It simply adds a chat protection and interlocutor authentication button to the interface.

Encryption will now be available in your client! Before starting a conversation, do not forget to enable it (the security status can be viewed in the chat window).

Jabber. Encryption and clients
 
Last edited by a moderator:

HEISENBERG

Administrator
Staff member
ADMIN
Joined
Jun 24, 2021
Messages
1,263
Reaction score
512
Points
113
Jabber. Encryption and clients.

Encryption.​

OTR (Off-the-Record-Messaging) is a cryptographic protocol, that uses the AES symmetric encryption algorithm. It is supported by majority of clients. It cannot be used in conferences/group chats. For operation of the protocol, it is required that the interlocutor should be online.

OMEMO is the youngest of all (2015). A distinctive feature for an ordinary user is that the protocol allows you to send a message to the interlocutor even if he/she is offline. It allows you to encrypt files.

GPG — Everyone is familiar with the encryption method. The oldest among the above. Like OMEMO, it allows you to write to the interlocutor offline. GPG can be used for symmetric encryption, but it is mainly used for asymmetric encryption of information. It allows you to encrypt files.

Jabber clients (xmpp).​

Ψ PSI / PSI+​

Open Source.
HWmIOZi0r5

Very popular and stable client.

Encryption support: OTR, GPG, OMEMO.

(In some cases, it is required to download encryption plug-ins additionally).

Platforms: Windows, * nix systems.

Pidgin.​

Open Source.
WIKZNkE8F0

Not a less popular client, it is preinstalled on many systems, including Tails OS. It works stably and without lags. It is regularly updated.

Encryption support: OTR, GPG, OMEMO.

(In some cases, it is required to download encryption plug-ins additionally).

Platforms: Windows, * nix systems.

Coy.IM.​

Open Source.
JUSXfYptHi

It is a relatively new XMPP client. It is not similar to all the previous ones.

By default, it connects via TOR (*this option may be made disabled).

During installation, the client itself will require you to come up with a code, without which you cannot run the application.

The application still has not passed a security audit, as the developer informs us on the site:

“Not yet audited. Do not use for anything sensitive. 'Not yet audited' means that Coylm is still under active development. There have been no security audits of the code, and you should not currently use this for anything sensitive".

However, Coy.IM is one of the pre-installed jabber clients in KodachiOS.

Encryption support: OTR

Platforms: Windows, * nix systems, macOS.

Adium.​

MacOS only client. It has not been updated for a relatively long time and at the moment it is not stable, but it performs its main function. Therefore it is on the list.
T58lLsdYFM

Encryption support: OTR.

Platforms: macOS.

Wime.​

Open Source.
PvWDnKRbuI

Fork PSI + from whoer. Reworked a lot. Convenient and stable psi + option. Completely portable.

Encryption support: OTR, GPG, OMEMO.

Platforms: Windows, * nix systems, macOS.

Clients for mobile devices.​

Xabber.​

Open Source.
G3Sw4dO8uc

XMPP client for the Android operating system. It is developed as an open-source project.

Very stable and easy to use.

It has a web version for the browser, but encryption is not available in it.

Encryption support: OTR.

Platforms: Android.

Conversations.​

Open Source.
NW539s2ket

XMPP client for the Android operating system. Designed as an open-source project. Very stable and easy to use.

Encryption support: OMEMO, OPen PGP.

Platforms: Android.

Chat Secure.​

The most popular client for iOS.
RK1uDaPvwj

It’s being updated regularly, operates stably.

Encryption support: OTR, OMEMO.

Platforms: iOS.
 
Last edited by a moderator:

Saul

Active member
Sponsor
Joined
May 1, 2022
Messages
185
Reaction score
37
Points
28
You also can use jabber online true tor browser.
some people don't like it to install programs for chat
 

KokosDreams

Active member
Premium
Joined
Aug 16, 2022
Messages
422
Solutions
1
Reaction score
121
Points
43
You also can use jabber online true tor browser.
some people don't like it to install programs for chat
Definitely!

I am wondering if the XMPP client for android would work along computer too, but it should..
Xabber would only work in a browser application without encryption, which would make it less suitable

It would be lovely to have an XMPP supporting client for phones that would support PC aswell live.
 

KokosDreams

Active member
Premium
Joined
Aug 16, 2022
Messages
422
Solutions
1
Reaction score
121
Points
43
You also can use jabber online true tor browser.
some people don't like it to install programs for chat
Definitely!

I am wondering if the XMPP client for android would work along computer too, but it should..
Xabber would only work in a browser application without encryption, which would make it less suitable

It would be lovely to have an XMPP supporting client for phones that would support PC aswell live.
 
Top