| 1 |
On Mon, 17 Aug 2009 04:19:35 +0200 |
| 2 |
Xianwen Chen <xianwen.chen@×××××.com> wrote: |
| 3 |
|
| 4 |
> I'm looking for a network message encryption method. Please kindly |
| 5 |
> tell me if you know any Instant Messenger which supports encryption. |
| 6 |
> Thank you very much! |
| 7 |
|
| 8 |
I'm using gajim with TLS-enabled (transport-level encryption) connection |
| 9 |
to the servers and built-in GPG plugin to encrypt messages, containing |
| 10 |
some auth info, which I occasionally have to pass. |
| 11 |
I believe pidgin also had support for such feature via one of the |
| 12 |
standard plugins. |
| 13 |
|
| 14 |
TLS is widely-deployed on XMPP (jabber) servers, but encryption ends at |
| 15 |
the server in question, so it can intercept / mangle the messages, so it |
| 16 |
might be good idea to prefer large and reliable servers to |
| 17 |
possibly-compromised or malicious small ones. |
| 18 |
Furthermore, in case of XMPP, your (source) server is free to pass the |
| 19 |
message in unencrypted form to destination server, so message can be |
| 20 |
caught by any IP-sniffers on the route. |
| 21 |
Then there's also remote client connection, which can be unencrypted |
| 22 |
(no TLS/SSL) and likewise intercepted on TCP/IP level. |
| 23 |
|
| 24 |
GPG encryption requires clients on both sides to support it, but has |
| 25 |
benefit that all cryptographic operations are happening on client |
| 26 |
machines, so server (or any intermediate host) is unable to spoof |
| 27 |
conversation, provided the encryption (GPG) keys aren't compromised. |
| 28 |
|
| 29 |
-- |
| 30 |
Mike Kazantsev // fraggod.net |
Archives