Pidgin-paranoia is a plug-in for Pidgin (formerly known as Gaim) that provides information-theoretically secure encrypted conversations using one-time pads.

Because the plugin uses a one-time pad where the secrect key has the same length as the message and the key is only used once, the encryption is information-theoretically secure. This means that from the encrypted messages the contents of the messages are not revealed.
In short: If you use truely random numbers to generate the key files and if you keep them perfectly secret, one-time pads can not be broken. For more details read the INFO file.

News

• 2009-09-08: Pidgin-Paranoia 0.4.0
  0.4 is here! In this release we added translation support. A German translation is available and it is simple to add additional translations. Contributions are very welcome.
  
  The plugin is now well tested and suitable for everyday use.
  
  
  • Debian Packes for Squeeze/Sid: i386, amd64
    
  • Source tar.gz: source code
  
  Ubuntu users can get packages from this personal package archive. Replace YOUR_UBUNTU_VERSION with hardy, intrepid, jaunty or karmic:
  

  	deb http://ppa.launchpad.net/nowic/ppa/ubuntu YOUR_UBUNTU_VERSION main 
  	deb-src http://ppa.launchpad.net/nowic/ppa/ubuntu YOUR_UBUNTU_VERSION main
  		

• 2008-10-04: Pidgin-Paranoia 0.3.0
  Our third release (gpg-signature) focuses on stability and usability improvements. Session handshake can be expected to work all the time, the user gets live feedback about the current state during key generation and the consistency of received messages is checked.
  In addition, 0.3 provides performance improvements that allow the software to scale better then ever with the increasing number of paranoid people in your contact who all have an increasing number of concurrent keys. The performance of the key generator has also been greatly improved.
  We consider the software to be in beta stage and suitable for everyday use.
  
  For your convenience Debian/Ubuntu packages (gpg-signatures) are supplied for i386 and amd64.
  
  
  • Debian Lenny/Sid: i386, amd64
    
  • Ubuntu Hardy: i386, amd64
    
  • Source tar.gz: source code
  
  
• 2008-03-26: Pidgin-Paranoia 0.2.0
  Our second release (gpg-signature) brings many new features like support for multiple keys per buddy, a new threaded keygen and better handling of the keyfiles. We think it is pretty stable and consider it in late alpha stage since it is not 100% feature complete. But we consider it suitable for everyday use.
  
  For your convenience Debian/Ubuntu packages (gpg-signatures) are supplied for i386/amd64:
  
  
  • Debian Lenny/Sid or Ubuntu 8.04 (Pidgin 2.4): i386, amd64
    
  • Ubuntu 7.10 (Pidgin 2.2): i386, amd64
    
  • (Pidgin 2.3): i386, amd64
    
  
  
• 2007-12-30: Pidgin-Paranoia 0.1.0
  Enjoy our first release! (gpg-signature) Basic functionality of information-theoretically secure encrypted instant messaging and key generation is provided. We consider it alpha quality, but it should not SIGSEGV :-)

Features & Technology

• Currently the plugin supports protocol-independent encryption and decryption with multiple keys, key generation and a built-in command system.
• The plugin depends on libpurple and works with pidgin, finch (a console IM) and possibly other IM using libpurple.
• The encryption, decryption and key generation process is transparently encapsulated into a library that could be used in a program to encrypt i.e. files, e-mails, SMS, etc.
• To benefit from the security of one-time pads you need a secure way to transmit the key file to your partner (besides the fact that you need to be able to trust into the integrity of your computer).
• The nature of one-time pads limits the system to one-to-one conversations.

Installation

We provide packages for Debian and debian-based distributions (like Ubuntu). The plugin is tested with Debian Lenny and Ubuntu 8.04 (i386 and amd64) but it should ideally run on various platforms. The plugin requires libpurple >= 2.2.0 and libglib >= 2.16. The INSTALL file describes the build process.

Usage

To load the plugin select "Tools" -> "Plugins" and check the entry "One-Time Pad encryption". Commands are entered by typing a message beginning with /otp in a IM conversation window. The commands depend on the conversation, e.g. "/otp genkey 100" creates two keys for the accounts which are connected in this IM conversation.

   /otp help	 			shows this message 
   /otp genkey <size> <external entropy source>	
					generates a key pair of <size> kiB.
   /otp on	 			tries to enable the encryption
   /otp off	 			disables the encryption
   /otp info	 			shows details about the used key
   /otp list	 			shows all keys for this conversation
   /otp list-all	 		shows all available keys
   /otp reload				reloads all your key files

Setup:

1. Generate key files for you and your paranoid buddy. e.g. type "/otp genkey 100". This may take a few minutes.
2. Your key is stored in ~/.paranoia. The key for your buddy is stored on your desktop. Pass this key in a secure way to your buddy (e.g. by usb stick).
3. Your buddy places the key you generated in his ~/.paranoia directory.
4. He should use '/otp reload' to add the new key.
5. Chat encrypted!

Roadmap

1.0.0

• all major languages are available
• no conversation windows that pop-up independently
• all pidgin protocols are tested and work