[Tutorial] Pidgin + OTR - Easy Setup - Jabber / XMPP Setup Tutorial
To start off, download and install the latest version of Pidgin
After installing go to the taskbar at the top of the "Buddy List" window and go to the Accounts tab, then click on Manage Accounts. After doing this, a window will pop up in which you will want to press "Add Account."
Set a username, password, and for the domain, I recommend "exploit.im" Remember to check "Create this new account on the server."
After installing go to the taskbar at the top of the "Buddy List" window and go to the Accounts tab, then click on Manage Accounts. After doing this, a window will pop up in which you will want to press "Add Account."
Set a username, password, and for the domain, I recommend "exploit.im" Remember to check "Create this new account on the server."
Next, go to https://otr.cypherpunks.ca/ and download the latest version of OTR for Pidgin. Run the installer and you'll need to go over to Pidgin and go to Plugins, which is under the "Tools" tab in the top taskbar.
Scroll down the Plugins until you find OTR, and check the box to enable it.
Now, you are ready to use XMPP, also known as Jabber, with OTR. To add someone, simply go to "Buddies" and "Add buddy". Remember to enter their username as "username@theirdomain.im"
To use OTR to encrypt conversations, click "Not private" in the bottom right of the IM window. In the window that pops up, click "Start private conversation." OTR will also automagically delete logs created by Pidgin.
Congratulations! You now have XMPP/Jabber setup with OTR!
But! OTR is also good for confirming that someone is who they say they are!
If you go to the same window used for initiating a private conversation, you can also click on "Authenticate Buddy."
Authenticate Buddy is good for making sure that the person on the other end isn't a malicious user who hasn't hijacked, or stolen, your buddy's account.
There are multiple tools provided for doing this, such as "Question and Answer", which allows you to set a question and the answer to that question, "Shared Secret", which is a phrase that is shared between you and your buddy that others won't know that can be used for verifying that they're your buddy, and "Manual Fingerprint Verification."
The most 'complicated' out of the 3 is fingerprint verification. I believe that the fingerprint is unique to every PC, and remains the same.. (Correct me if I'm wrong.) In a conversation where you know that your buddy is actually your buddy, you can save his fingerprint for later and compare it for verification. Additionally, you can contact your friend via email, telephone, or some other form of communication in which you can have them pull up their fingerprint and confirm it. If they read out the same fingerprint that is shown on your screen, then they're not an impostor.
[Additional Information: https://otr.cypherpunks.ca/help/authenti...p?lang=en]