Securing Instant Messaging

Tue 26 May 2009

More and more sensitive communications are occurring over insecure instant messaging (IM) systems. These messages pass through a third party and can be read anywhere along the way. However, an easy, open-source solution exists to help protect these communications.

First you need the IM client called Pidgin. This client works with virtually every IM service and is extremely easy to install and set up. Pidgin can be customized using plugins. The plugin you are looking for is named pidgin-encryption.

Once you install pidgin-encryption, you have to go through a couple of steps to get it up and running, but the steps aren't too complex. First you need to activate the plugin. In Pidgin, go to Tools -> Plugins (or Ctrl-U) and, when the plugin box appears, scroll down to "pidgin-encryption" and check the "enabled" box to enable it. The first time you do this, it will automatically generate keys for the accounts you have set up in Pidgin. If you select the plugin, the "configure plugin" button should appear at the bottom of the page; clicking it brings up a screen with various options. These options are important for maintaining a secure environment.

The first tab on the screen is "config". I recommend selecting all of the boxes EXCEPT "Accept conflicting keys automatically". The second tab is "local keys". This tab should show you all of your keys, one for each account. One change you could make on this screen is regenerating your keys at a larger key size. The default is 1028 bits, but for maximum security I'd go for 4096. The third and fourth tabs will contain the keys of people that you talk to. These tabs will be empty until you make contact with someone or manually import someone's key (not required).
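Why the "Accept conflicting keys automatically" box is worth leaving unchecked, shown as an added sketch of a trust-on-first-use key check. This is not pidgin-encryption's code: the `KnownKeys` class, its `receive_key` method and the sample key bytes are made up for the illustration, and it assumes a "conflicting" key means one that differs from the key already saved for that contact.

```python
import hashlib

# Constructed sample keys: stand-ins for the public-key bytes a buddy's client sends.
ALICE_KEY = b"constructed-public-key-alice-1"
OTHER_KEY = b"constructed-public-key-unknown"


def fingerprint(public_key: bytes) -> str:
    """Short, comparable digest of a public key (SHA-256, hex)."""
    return hashlib.sha256(public_key).hexdigest()


class KnownKeys:
    """Hypothetical store holding one pinned key fingerprint per buddy."""

    def __init__(self, accept_conflicts: bool = False):
        self.accept_conflicts = accept_conflicts
        self.pinned = {}  # buddy name -> fingerprint of the saved key

    def receive_key(self, buddy: str, public_key: bytes) -> str:
        fp = fingerprint(public_key)
        known = self.pinned.get(buddy)
        if known is None:
            self.pinned[buddy] = fp   # first contact: nothing to compare against
            return "pinned"
        if known == fp:
            return "match"            # same key as before, safe to continue
        if self.accept_conflicts:
            self.pinned[buddy] = fp   # saved key is silently replaced
            return "replaced"
        return "conflict"             # saved key kept; user must verify the new one


def demo():
    """Send the same three keys through a strict and a permissive store."""
    results = {}
    for accept in (False, True):
        store = KnownKeys(accept_conflicts=accept)
        first = store.receive_key("alice", ALICE_KEY)
        again = store.receive_key("alice", ALICE_KEY)
        changed = store.receive_key("alice", OTHER_KEY)
        still_alice = store.pinned["alice"] == fingerprint(ALICE_KEY)
        results[accept] = (first, again, changed, still_alice)
    return results


if __name__ == "__main__":
    for accept, outcome in demo().items():
        print(f"accept_conflicts={accept}: {outcome}")
```

With automatic acceptance off, a changed key is surfaced as a conflict and the saved key stays in place until you confirm the change with your contact over another channel.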

The encryption algorithm used is RSA public-key cryptography. Don't worry, you don't have to understand how it works. Just know that this type of cryptographic algorithm is a tried-and-true method of securing information.

So now how do you encrypt your conversations? This is the easiest part. Your friend must be using the same combination (Pidgin with pidgin-encryption) on the other side. Other than that requirement, all you have to do is click the lock icon at the top of the screen, which will enable the encryption. Your public key will be sent across the link, and as long as the lock is closed at the top of the screen your communications will be encrypted. That's it, you're done!

By Sparks, Category: Information Security

Tags: Encryption / Security / IM /