Encrypted Chat Clients

From InfoAnarchy
Jump to: navigation, search

See Also: Chat Clients | Cryptography | Encrypting Your Chat

Inspired and credited to karellen's recent infoAnarchy article.

Allow you to text chat online without any worries of eavesdropping by your ISP, workplace, or other entity in an interconnected network. Instant messaging tools and IRC connections are one of the least secure communication tools available. While not yet perfect, the tools listed below make the process of chatting online more secure and anywhere from very anonymous to confirming your identity using digital signatures.

Problem: There's too many to chose from below - which one do I pick?
Answer: So far, there is no standard in IM security yet so the person you are talking to must download and install the same client you have. See the "Tested" group below for suggestions.

If you have tried an IM client, please share your experience on the discussion page.


Tested

  • OTR (Off-the-Record Messaging) www.cypherpunks.ca/otr - Off-the-Record (OTR) Preferred iA system, provides Cross-Platform messaging allows you to have private conversations over instant messaging by providing: Encryption; No one else can read your instant messages. Authentication; You are assured the correspondent is who you think it is. Deniability; The messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he sees are authentic and unmodified. Perfect forward secrecy; If you lose control of your private keys, no previous conversation is compromised.
  • AIM - One of the most popular IM clients, it is also the most attacked by programs like AIMSniff. As of AOL's Windows IM client 5.2+, users have access to encrypted communications. If you don't wish to spend any money on a real security certificate, AIMEncrypt.com offers their own self-signed cert (SSL-based). However, the description on their site gives the impression that they know nothing about encryption, merely a distribution point for their certificate.
  • Filetopia www.filetopia.com - Available for Windows and WINE emulation - a peer-to-peer service that includes a fully encrypted interface to its growing network. Under gradual, continual developed, this service is ambitious, attempting to offer secure voice communication as well as secure file sharing service and secure chat. Probably the easiest encrypted chat client available. However, there is no way to confirm a person's identity online, as with some PGP and GPG-enabled clients.
For Internet connections that block specific file-sharing ports, Filetopia allows the use of random port selection.
For GAIM encryption plugin, once installed, go into "Plugins" under "Preferences" and chose the checkbox next to Gaim-Encryption. The rest of the process is seamless. See the GAIM Encryption Plugin for more information.
  • WASTE - A beta-release software product and protocol that enables secure distributed communication for small (on the order of 10-50 nodes) trusted groups of users. Provides instant messaging, group chat, file browsing/searching, file transfer.
Test Results: this system works if one user has a traceable IP address. For instance, users behind an ISP-controlled NAT may be unable to use this system. Requires a dynamic dns system like http://www.no-ip.com or http://www.dyndns.org
"Open-source, GPL multi-protocol instant messenger client that uses very little memory and is extremely fast. Requires no installation and can be fit on a single floppy. Its powerful plugin system makes Miranda IM very flexible. Only the most basic features are built in, but there are currently more than 150 free plugins available for download that allows users to extend the functionality of Miranda IM."
Test Results: Testing shows that two plugins SecureIM and GPG do function but require some effort to enable. Non-technical users (most people) may flinch at the setup time involved. (As of Feb 2004)

Untested:

Multi-Platform

  • SILC - Secure Internet Live Conferencing silcnet.org - A stable protocol, toolkit, server and client implementations using public key cryptography to confirm identity; Alice can also make sure she's chatting with Bob and not anyone else.
  • Jabber client with SSL Jabber.org Clients with SSL capability that can also communicate with users of other instant messaging systems (AIM, ICQ, Yahoo, MSN, etc), though not securely. Only other Jabber clients will be able to connect securely. IRC is advertised, it largely doesn't work and some installation tests so far have been buggy.
Supporting Clients:
  • IMpasse - www.im-passe.com (commercial, for-cost tool) works for AIM, Yahoo, and MSN
  • Project SCIM (Secure Cryptographic Instant Messaging) projectscim.com - Free, Java-based Public Key software for many operating systems (Mac, Windows, UNIX, etc). Allows for peer-to-peer communications which will not involve SCIM's central server.
  • PSST psst.sourceforge.net - Unmaintained, encrypted, peer-to-peer voice and text chat without central server. Works on Windows, Linux and DOS. The development of this project seems to be stopped but it is opensource so it is possible to take the sources to add some features.
  • AESpad https://aespad.com/ Encrypted secure online chat. JS/ajax app; no download required. Messages are encrypted with AES-256 against a pre-shared key in javascript before being sent to the server.

Windows-Only

  • SIMP - winfosec.com/simp.php a blessedly simple program that allows secure chat connections. Free for commercial or non-commercial use, no registration, no central server, no advertisements, and open-source (although the license concerning future development is unclear). Requires:
1. Have a mutual password with the other person (not a [[Public-Key Cryptosystem|public key] system) and ...
2. You know your IP address and the address of your recipient. That's it!
  • Simp Pro secures your MSN, Yahoo!, ICQ, AOL instant messenger, Jabber and Google Talk clients.

For corporate environments and more demanding users, SimpPro encrypts and authenticates messages as well as file transfers (MSN Messenger only), making it the most comprehensive instant messenger security add-on. It is also easily administered using GPOs.

  • With Simp Lite, free version of the Simp product line, you can secure one of the following services:

MSN Messenger, Yahoo! Messenger, ICQ/AOL Instant Messenger (AIM), Jabber/Google Talk. Fully compatible with Simp Pro and Simp Server.

  • Crypto Heaven www.cryptoheaven.com - (commercial, for-cost tool) - some very nice features for businesses or organizations that need a secure community solution including medical establishments with its HIPAA compliance.
  • Encrypted Messenger - www.secureshuttle.com - an apparently free service that provides a secure messaging tool and many other features including secure file transfer, secure voice messaging, IRC-style "rooms," or meeting places for groups.

Mac OS X only

Non-Windows (*NIX)

  • KVIRC www.kvirc.net - KDE IRC client in the beta stage with SSL support, including DCC file-transfer and certificates. Check the FAQ for information on the SSL features. May require IPv6 compliance.
  • Irssi Irssi.org an IRC client with SSL support. Also there are various scripts for using encrypted IRC between queries and channels.

Related: