How to keep secret correspondence. Part 2
In our blog, we often talk about our own cases - we write about how a business works with IaaS. In addition, we turn to the Western experience in the field of expertise.
For example, we told:
Today, we will continue our acquaintance with the leadership of one of the authors of The Intercept, who provided a detailed analysis of how to conduct correspondence using encryption methods.
')
/ Photo: Wendelin Jacober CC
If you would like to skip reading and go straight to practical actions, you can use the relevant section in Mick Lee's guide:
To get started, you need to create an account in Jabber using the Tor browser. We talked about this a bit in the first part .
Pidgin is used to work on Windows and Linux. Setting up this software likewise requires the background work of the Tor browser. Every time you need to do something with accounts in Jabber, your Tor browser should be running in the background.
For Linux, pidgin, pidgin-otr, and tor packages are required.
In Pidgin, in the Buddy List window, select Manage Accounts and Add Account.
Further:
If everything is done correctly, you should see the "List of interlocutors" window with the status "Available" (Available).
Creating Encryption Key (OTR):
After the start of the exchange of encrypted messages, you can see the fingerprint of your interlocutor's key, and he can see yours. If the fingerprint you were given matches the fingerprint that is displayed in Pidgin, then this contact can be marked as reliable. If the key prints do not match, it means you have been attacked by a middleman . In this case, do not mark the contact as reliable, but try to repeat the procedure a little later.
The “Question and Answer” and “Secret Word” methods work well here. For simplicity, you can simply confirm the OTR fingerprint on an external channel (not in the current chat), compare the fingerprint symbols and mark the contact as trusted. When these conditions are met from both sides, the status of the conversation will change from “Unverified” to “Private”.
Additional instructions for setting up anonymous messaging on other platforms are provided in the Mick Lee general guide .
For example, we told:
- how Spotify scales the Apache Storm ,
- considered hardware for deep learning ,
- talked about an example of optimizing bandwidth on Ethernet networks ,
- about how the Airbnb engineering team “crashed” the main database
- and began to talk about anonymous correspondence (part 1).
Today, we will continue our acquaintance with the leadership of one of the authors of The Intercept, who provided a detailed analysis of how to conduct correspondence using encryption methods.
')
/ Photo: Wendelin Jacober CCIf you would like to skip reading and go straight to practical actions, you can use the relevant section in Mick Lee's guide:
For Windows and Linux
To get started, you need to create an account in Jabber using the Tor browser. We talked about this a bit in the first part .
Pidgin is used to work on Windows and Linux. Setting up this software likewise requires the background work of the Tor browser. Every time you need to do something with accounts in Jabber, your Tor browser should be running in the background.
For Linux, pidgin, pidgin-otr, and tor packages are required.
In Pidgin, in the Buddy List window, select Manage Accounts and Add Account.
Further:
- Proxy Server Tab (Proxy) - “Tor / Privacy (SOCKS5)”
- “Host” - “127.0.0.1”, “Port” - “9150” (for Windows), and “9050” (for Linux)
- “Protocol” (Protocol) - “XMPP”
- Domain is the name of the Jabber server
- "Resource" (Resource) - "anonymous"
- “Add” - to save settings
If everything is done correctly, you should see the "List of interlocutors" window with the status "Available" (Available).
Creating Encryption Key (OTR):
- “Buddy List” - “Tools” (Tools) - “Plug-ins” (Plugins) - “Off-the-Record Messaging” - tick the box to the left of it.
- “Configure Plugin” (Configure Plugin) - select an account - “Generate” (Generate) - put a tick in front of “Require protection” (Require private messaging)
After the start of the exchange of encrypted messages, you can see the fingerprint of your interlocutor's key, and he can see yours. If the fingerprint you were given matches the fingerprint that is displayed in Pidgin, then this contact can be marked as reliable. If the key prints do not match, it means you have been attacked by a middleman . In this case, do not mark the contact as reliable, but try to repeat the procedure a little later.
The “Question and Answer” and “Secret Word” methods work well here. For simplicity, you can simply confirm the OTR fingerprint on an external channel (not in the current chat), compare the fingerprint symbols and mark the contact as trusted. When these conditions are met from both sides, the status of the conversation will change from “Unverified” to “Private”.
Additional instructions for setting up anonymous messaging on other platforms are provided in the Mick Lee general guide .
Source: https://habr.com/ru/post/271455/
All Articles