Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
News

Secure Instant Messaging Systems? 15

Posted by Cliff from the cloak-and-dagger dept.
Elik writes: "I been asked by the higher up at Netwolves as to the availability of a secure messaging system that uses an encrypted protocol for messaging instead of insecure systems like AIM, MSN, Yahoo or ICQ. From what I have read, they are not secure enough that you can send any secret confidential information though the messenger system, since from the reading, they are not encrypted. Are there secure messaging client/server systems that are available for most platforms, that could be considered secure by using some of the standard encryption systems like 3DES, Blowfish or others?" It shouldn't be too hard to hack support for this into the existing IRC clients. It may not be as cute as most IM systems, but if it's security you want, you may have to sacrifice something. If you are transferring huge amounts of data, why worry about instant messaging systems? Just use PGP (or GPG) to encrypt the data and the plethora of file sharing software currently available on the Internet to get it where you want?
This discussion has been archived. No new comments can be posted.

Secure Instant Messaging Systems? More

Secure Instant Messaging Systems?

Comments Filter:
  • I tried downloading the four different packages of source code I need to make Gale to work, but all of them are corrupt. I can't even open any of the tar files.

    At the very least, I think Gale needs a prebuilt binary and Win32 install system if it's going to be popular.

  • Just tunnel IRC (or something) over ssh: works fine, is easy to set up, and you're not reinventing either wheel. (there are plenty of ssh and IRC clients available for most platforms)

  • Look at <a href="http://kit.tpu.org">http://kit.tpu.org</a>. RSA & IDEA encrypted instant messenging.

    -henrik

  • dude. (Score:1)

    by Zurk ( 37028 )
    just set up a single server with a firewall/linux and allow only ssh connections in. then people can ssh in from OS and use the regular unix talk command for better than instant instant messages. you can even encapsulate it into a newbie friendly menu like shell. you control the server and its all ssh encrypted anyway.
  • i'm sure anything using toc can use ssl, probably oscar too

    the only thing is, if both sides of the conversation aren't using ssl, its not very effective....

    also if you're worried about major powers doing evil stuff, they could still do evil stuff at aol hq

  • When was the last time you can recall your non-unix friends using anything but AIM/ICQ/MSN/Yahoo!? Take your elitism elsewhere.
  • A few of my friends got together and started planning the protocol for such a beast. My roommate and I actually started implementing parts of this a month or so ago. Unfortunately, with school in the way, we haven't had much time to go very far. If anyone would like to check out what we have going as far as the protocol is conserned, most of our documentation can be found here [dhs.org]. If you have any questions or comments, feel free to e-mail me (my e-mail address is on the above page).
  • The everybuddy (http://www.everybuddy.com) client which uses all of the messaging system has support for pgp/gpg through a patch that you can appily. All you would have to do is have EB at both ends and the chat session would be secure :)
  • Secure Shuttle [secureshuttle.com] I have downloaded and used it. I really wonder how secure it is.
  • It was already mentioned... but Keep in Touch is pretty nice. I played around with it for sometime last year, and it seemed pretty solid.

    http://kit.tpu.org/

    The other ineteresting one is BET.

    http://www.upl.cs.wisc.edu/~hamblin/BET.html

    I didn't use it much... but the code seemed to work... I didn't get a chance to benchmark/test it...

    These were all for a secure login server for an online game that I gave up on. :-)

    Peace out.
  • Since Jabber [jabber.org] is OSS, how hard would it be to add encryption to it?

    I know that it sends messages via xml, so perhaps you could create an tag, that would let jabber know that this content is encrypted and needs to be decoded before viewing.

    Just and idea.

  • Gale [gale.org] is such a system ( from http://www.gale.org/docs.xml ):

    Gale is instant messaging software distributed under the terms of the GNU General Public License [gnu.org].

    Several features set Gale apart from other instant messaging systems.

    Gale is open source software. The GPL ensures that you and others retain the freedom to modify and distribute the Gale source code. Gale will never lock into any one vendor's proprietary, closed system.
    Gale is useful. Gale isn't just about poking "private" messages to someone sitting at another computer. Gale does support secure private messaging, but Gale also has a well-developed infrastructure for public (and semi-public) chat.
    Advanced categorization and filtering features mean that you can precisely control your level of participation and distraction. We've been at this for years, we've tried everything else out there, and we have a lot of experience with the usability of real-time messaging systems. The result of our experience is something like IRC, something like Zephyr, and something like commercial "instant messaging" systems, but with many features you won't find in any of these.
    Gale is secure. Most other systems depend on the security of a central bank of servers, and provide no protection against network eavesdroppers.
    Gale uses strong cryptography for both privacy and authentication, and is designed to work in an environment of mutual distrust between users and administrators.
    Gale scales. Gale's architecture uses a loosely-connected set of servers which locate each other via DNS only when they need to talk to each other. Multicast is accomplished by the dynamic creation of self-healing spanning trees of interconnected servers. The network is robust; servers and clients detect and route around failure. This means Gale is fast and stable. Gale will not suffer the kind of performance and reliability problems USENET, IRC, and centralized commercial message systems do.
    Gale is here today. Gale has been in active development for over three years. Both clients and servers have been well tested by daily use in an active user community. Both simple command-line and sophisticated graphical clients are available, and there are platform solutions for the POSIX, Microsoft Windows, and Java platforms.
  • Yep.. and it works fine.
    "Licq now supports Secure Socket Layer connections between clients allowing for fully secure communication of messages, urls, chat requests...
  • The newly released PGP 7.0 (pgp.com [pgp.com]) includes an ICQ plugin that does realtime encryption of all ICQ messages.

    On top of that, it includes PGPnet, a VPN client that can encrypt all communications between two clients.

    Don't reinvent the wheel.

  • A Commercial Plug (Score:3)

    by scotpurl ( 28825 ) on Saturday September 23, 2000 @06:02PM (#759186)
    SameTime from the folks at Lotus. Integrates with both Exchange and Lotus Notes directories (I think with NT directories, too) as well as LDAP. They actually bought stuff from http://www.ubique.com and merged it with stuff from http://www.databeam.com to create SameTime, and then integrated it into everything. A PIII 500 will support something like 20,000 users.

    Anyway, secure, plus beaucoup other functionality. Published, extendable APIs, examples. Video streaming, audio streaming, etc. etc. Uses choice of ActiveX or Java. Version 2.0 is due out the end of the month (or thereabouts). There's a Java version of the chat/instant messaging client, plus a Windows version.

    http://www.lotus.com/sametime

Slashdot Top Deals

He has not acquired a fortune; the fortune has acquired him. -- Bion

Close