Anyone use Pidgin OTR for IM?

I'm trying it out and while the set-up was more difficult than I thought it needed to be, it seems to work fine with the exception that I can't get it to "authenticate" the other user and they can't authenticate me. I've searched their website and read their FAQ's and still no luck. I downloaded the version from TOR but it seems to have all the features of the one downloaded from the Pidgin site. Any ideas? Thanks. Also both users are using the same protocol for IM, yahoo, so there should be no issue there.

 

I have it installed and have used it on both Vista and Ubuntu. And I had no issues with installing nor configuring, either.

I strongly recommend obtaining any software from the source rather than any indirect location.

The source for Pidgin is here.

 

I use it exclusively.

 

I would agree with the direct download as a general rule, usually less problems. Now the question is, who is really providing the service. I originally thought TOR allowed for secure IM, then as I looked at the download options I see Firefox is linked to the package(which I already have) and then there is a Tor-IM for Firefox and Pidgin? Sounds like I need to delete TOR and start over. Is Pidgin a stand alone or does it need TOR to work?

 

The only additional piece of which I am aware that Pidgin requires is the GTK+ Runtimes.

 

I use Pidgin works a treat. But I know nothing about their OTR or TOR services. Is it on by default? Can somebody clue me in.

 

I think there is some confusion over OTR and TOR. They are two completely different things when used with Pidgin.

TOR is the Onion Routing network that most of us are familiar with that can be used to obfuscate traffic at your end by tunneling it through a bunch of servers before forwarding it on to the intended destination. When used with Pidgin, it doesn't really provide anything extra in the way of security. Your communications are still passing through the server [and to your IM partners] in the clear. If an adversary knows who you are talking to then there will multiple points where they can obtain the data stream.

OTR is otherwise known as Off-The-Record Messaging and is a _much_ better way of encrypting text between you and your IM partners, as well as providing an authentication method so you are assured you are talking to your intended partner.

OTR is not provided by the Pidgin developers and is not a "service" in that it does not require a central service provider. It is simply a plugin for Pidgin that you and your IM partners install. Key exchange occurs directly between the involved parties using Diffie-Helman Key Exchange.

TOR also has no affiliation with Pidgin and is a project with servers being provided by a number of "interested parties" worldwide [see: http://www.torproject.org/].

If you are looking to secure your IM communications then OTR is the solution. TOR is a poor security solution for this.

Hope this helps and doesn't just add to the confusion

 

I use the Pidgin using silcnet secure network and OTR plugin as end-to-end encryption (silcnet+OTR=double layer). For me, it is the best in security so far. TOR is a good anonymizer and traffic encrypter, but is only good if used in CONJUCTION with other solutions and not SEPARATELY.

 

OK, thanks everyone for the reply's, I think I got a much better understanding now. I removed all the stuff I had downloaded for the 2 programs then seperately installed Tor, Firefox and then Pidgin with the OTR plugin. Everything seems to work fine now with 1 exception. When I IM with OTR it will not allow me or the other person to "authenticate buddy", the version is 3.2.0 of OTR. It simply shows unverified which I think is encrypted but not authenticated, but don't know for sure. All data was downloaded from original source. Whats stopping me from finishing the authentication?