We installed the OTR plugin for BitlBee already, so it's ready to support OTR. Prior to an encrypted conversation, we must first generate a key pair. For each account you have registered with BitlBee, you can have unique key pairs. View your account list and then generate an OTR key with:
otr keygen 0
After a few seconds, root will inform you that OTR key generation is complete. At any point, you can view information on your OTR keys with:
otr info
This will provide the key fingerprints for each account. You are now ready to have an encrypted chat.
Your contacts, or buddy list, should have been available when BitlBee authenticated your account. You can view your buddy list in the &bitlbee window with the blist command. This table will show the nick, the handle at the specific account, and the status of each contact. BitlBee converts the handle into IRC-friendly names, which are the "nicks" in the first column. It can become confusing when people use the same handle on separate accounts. BitlBee allows you to rename nicks to help manage this problem. For example, BitlBee will append duplicate nicks with an underscore, but you can rename them with the following command:
rename gabriel_ice_ gabriel_ice_jabber
Adding contacts is also straightforward with the familiar command syntax:
add 0 [email protected]
Just remember to check your account list to know which account number to use.
Chatting can be performed directly in the &bitlbee channel. Use IRC syntax to specify the nick and BitlBee will direct it to the appropriate service. A basic chat session, between maxine and gabriel_ice_japper, would look like this:
<maxine> gabriel_ice_jabber: when can we meet to talk about DeepArcher? <gabriel_ice_jabber> maxine: Tuesday at 10.
Alternatively, you can use the /query command to open a new window and chat directly with the user. With this method, you don't have to specify the user's nick each time because you and your buddy are in a private chat.
Tip
For those new to IRC, the following tutorial is a good introduction: http://www.irchelp.org/irchelp/irctutorial.html. For those looking for ERC-specific help, the Emacs Wiki has some resources: http://www.emacswiki.org/emacs/ErcBasics.
To initiate an OTR protected chat, type:
otr connect gabriel_ice_jabber
While we are connected at this point and the chat session will be encrypted, we are left with the problem of how do we really know who we are chatting with? This question may seem existential, but it is an important one. A common attack on a communication protocol is a Man-In-The-Middle (MITM) attack. The canonical setup of the MITM attack involves two parties who wish to communicate, Alice and Bob, and the malicious meddler Mallory. Alice initiates a connection with Bob, but it is usurped by Mallory and likewise with the connection from Bob to Alice. Alice thinks she is talking to Bob, but really she is talking to Mallory, who is forwarding messages to Bob and vice versa. At this point, Mallory can direct and manipulate the conversation at will.
To defeat this, we need to authenticate the receiving party. In OTR, you could verify the key fingerprint of your partner. This requires you to have swapped OTR fingerprints a priori and it might not be very convenient to carry your OTR fingerprint with you at all times. The other mechanism is to use the Socialist Millionaire Problem to authenticate your buddy. The Socialist Millionaire Problem is discussed in more detail in the following subsection, for now, think of it as a question and answer game where the answer would only be known by the person with whom you are communicating.
To initiate the protocol in BitlBee, type something like the following:
otr smpq gabriel_ice_jabber "What beer did I order last night, one word, lowercase?" ipa
Presumably, you and Gabriel Ice were out at dinner last night and he would know the type of beer you ordered. When phrasing the question, it's good to include instructions of how to type it. Else, it would result in an incorrect response and probably confuse your partner, who despite the drinks, distinctly remembers you drinking an IPA. If your partner responds correctly, you should see:
<root> smp: initiating with gabriel_ice_jabber_... <root> smp gabriel_ice_jabber_: secrets proved equal, fingerprint trusted
This mechanism is one-way; Gabriel must initiate the protocol in order to fully trust you as well. This portion of the exchange looks like this:
<root> smp: initiated by gabriel_ice_jabber with question: "What did I have for lunch yesterday, one word, lowercase?" <root> smp: respond with otr smp gabriel_ice_jabber <answer> <jbd> otr smp gabriel_ice_jabber pizza <root> smp: responding to gabriel_ice_jabber... <root> smp gabriel_ice_jabber: correct answer, you are trusted
Congratulations! You have connected and authenticated and may chat away with OTR and BitlBee! If you are using GTalk and are also logged in to Google with your browser, you may notice the encrypted messages going back and forth. You can probably log out of GTalk from your browser, but just for fun, if you are logged in, you will see the OTR messages, which look like this:
?OTR:AAIDAAAAAAQAAAAFAAAAwBPAdyxNJT7MYxOFBPfmPRCbW3yE6gADfimB7wikaf/r9/DVQ3hZfJXj+c7HSddySk77fJi3csbRIIxKCSXGLO/9cOw7SJ+u10d8D6Wp2scCAi7TzO/YGkZmeGlef3lYUbwaVkH5VoYfLSo+i90McmLrgEfM9kgZuXLtDA1H2f4jWdtBJh1XxdK/GyZBZvTcncMs/e3rRrKpSNZiJq0kijMhIK6N4NRdaNK1URipDJai1d2bnGJ2Pk0rihXc5yzCrgAAAAAAAAACAAAAEUw6xZ+tJrdEG/+yqaiwoDi0Fc9eloiWtIc1UWQ8JTIT3eaKvuMAAAAA.
Even a well-designed protocol such as OTR can have subtle design flaws. For those looking to add cryptography to your project, there is a well-known saying, don't roll your own crypto, which means don't invent your own cryptography because the odds are against you and one mistake can undermine your security. Plus even seasoned cryptographers don't get everything right on the first try. Fortunately, releasing the research, design, and code helps with the peer review process.
In response to some critiques on OTR's authentication phase, the authors improved their protocol (Alexander 2007). Prior to this paper, OTR users had to verify the fingerprint of OTR keys out-of-band. While this works, it has a human factor drawback as it is inconvenient and not very scalable to hand out OTR keys to peoplewith whom you may want to securely communicate. However, two parties may share more intimate knowledge about each other that would prove their authenticity.The problem then becomes how do Alice and Bob share some secret information without revealing it to each other. The researchers discovered that this problem is a re-statement of the Socialist Millionaire Problem where two millionaires want to know whether they are equally wealthy without revealing to each other the quantity of their wealth.
The mathematics behind this problem rely on a technique called a zero-knowledge proof. A zero knowledge proof allows someone to attest to the correctness of a statement without providing any additional information about the said statement. The details and proof of OTR's zero-knowledge proofs are beyond the scope of this book and described in detail in (Alexander 2007).
The implication of using the Socialist Millionaire Problem in OTR is that Alice can ask Bob a specific question that only Bob would know. If Mallory is masquerading as Bob and if Alice chose a good question to which Mallory doesn't know the answer, Mallory won't gain any additional information about the answer if she guesses wrong. For example, Alice asks Mallory, pretending to be Bob, who her favorite guitarist is. Bob knows that Alice is a Who fan and the answer is none other then Pete Townshend. Mallory does not know this detail so she provides an admirable, but incorrect, answer of Jimmy Page. Alice will see the protocol fail and know that Bob is not who he appears to be. But Mallory will not know any other information about the answer other than that Jimmy Page is not correct. However, it is too late for Mallory because Alice no longer trusts her and terminates the connection.