How To Use OTR On Linux

How To Use OTR On Linux

The software provides security by:
Encrypting chats
Ensuring that when chatting, you converse with a real person at the other end.
It doesn't allow the server to access your chats through logging in.
There are numerous ways of using the OTR on Linux. The most sought-after means is the use of the OTR plugin for Pidgin. Pidgin is a prevalent instant messaging client available for numerous Linus distributions. You can extend its abilities by use of other plugins which are installed separately.

Why should You use Pidgin + OTR? Anchor link

Usually, when you have a conversation on Facebook, Google Hangouts, or Facebook websites, the chat is usually encrypted by HTTPS. Simply put, your chats are protected from hackers or other third parties when on transit. But, Facebook or Google are in possession of your conversation keys. As a result, they can give them to authorities when there is a need.
When you install Pidgin, it's a bit different. You can log into your different accounts at the same time and effectively manage them with utmost security. You can use Facebook, Google Hangouts, and XMPP concurrently. Pidgin allows you to converse via these tools without the presence of OTR. OTR will only work when both parties are using the tools with all the partners having installed it. However, Pidgin doesn't require that.
Besides, Pidgin gives room for a person to do out-of-band verification that ensures you are talking to a real person. It bars people from the MITM attack by showing key fingerprints verification options for the person to confirm they're human.

Limitations of Using Pidgin + OTR? Anchor link

Pidgin is deemed to have a large attack surface. It implies that its technology is susceptible to external attacks. Though Pidgin is a complex program, they didn't give security features the needed attention when developers were writing it. It has bugs that are vulnerable to pilferages where big companies or governments can easily break into to collect information.  When using Pidgin for encryption purposes, it offers great defense against spying on an individual's online conversations. But when you want security against well-resourced attackers like the government, then consider other stronger precautions.

How to Install Pidgin and Pidgin OTR Anchor Link?

Pidgin and OTR plugins work in a similar way for every Linux distribution. Though it may seem similar in many instances, there are some differences. And the biggest difference is finding the way to installing Pidgin and Pidgin OTR.
When using Mint 17 that offers Pidgin by default and provides Pidgin OTR at its Mint Software, consider this process:
Install pidgin-otr on the mint, then click Mint Menu and choose the icon written Mint Software Center.

A window will open up and ask for a password which you should enter, then click 'OK.'

The main Software Center Window will open up.

Search pidgin-otr, then click enter. Double-click the pidgin-or to read more about it.

Click on the install button to install the pidgin-otr.

Configuring Pidgin Anchor Link

To configure Pidgin, click on the Mint Menu, move to the internet section. From here,  select "Pidgin Internet Messenger" From the detailed menu.

Add an Account Anchor Link.

When Pidgin launches, a welcome window will pop up with an option to add an account. Click on the “Add” button since you don’t have an existing configured account.
After the add account window, select the XMMP option and enter your username.
Proceed to enter your XMMP account domain then create a password then enter it.
Consider saving the password to your Pidgin if your computer is not vulnerable to hacking. Or, consider not saving it to stay safe.

Add the Buddy Anchor Link

From there, you’ll have to add some buddy to chat with. Select the Buddies menu and click on add buddy.

After the window opens, enter the buddy's username, which requires the person to use the same protocol like XMMP. Remember to enter buddy's username using a domain name that looks like an email address, then click "Add."

Configure The OTR Plugin Anchor Link

You will then configure the OTR plugin to chat securely. Click on the "Tools Menu" and then select the Plugins option.

Scroll to the OTR messaging option, then enter the "Configure Plugin" option. A window will pop up, then click the "Generate" button. It will generate a key, and when it's complete, click "OK."
Some information with 40-characters will come up. This is the OTR fingerprint you should write down on your records then close the button.

The Chat Securely Anchor Link

After configuration, you're an inch to private conversations. In the chat window, it will still indicate not private in red color. Consider clicking the Not Private button, and a menu will come up to start a private conversation.
Proceed to click on the unverified button, then select the "authenticate buddy" button. Another window will open and ask how to authenticate your buddy. The three options include:

Shared secret Anchor link

This involves a specific phrase or text you and the buddy have agreed to use prior. You may have discussed it with the person early enough, and everyone is conversant with it for use.
Use it with your buddy at the same time, then click authenticate for verification.

Manual fingerprint verification

Here you will be required to give your buddy’s fingerprint and authenticate if it matches.

Question and Answer

This verification is based on what you agree with your buddy, like memory or an event both of you know.
You enter the question and answer, then authenticate after completion. Your buddy will have a window open up and click authenticate for everything to be successful.

Incorporating Other Software Anchor Link

The mechanisms needed to verify the authenticity ought to work between different conversation software like Pidgin, Jitsi, Kopete, and Adium. It's not right to use a particular chat software over OTR and XMMP; however, sometimes errors occur in the software. Like Adium, a conversation software for OS X, has an error in verifying Questions and Answers. And you may find a problem doing verification through the Question and Answer. In this case, confirm if it’s using Adium and consider using another method of verification.