Comment on Selfhosted chat service

tal@lemmy.today ⁨1⁩ ⁨month⁩ ago

I have already looked in XMPP, but it required SSL certs and I did not have the mood to configure them.

There are definitely XMPP clients that do end-to-end encryption that do not rely on TLS for key exchange, though.

en.wikipedia.org/wiki/Off_the_record_messaging

Off-the-record Messaging (OTR) is a cryptographic protocol that provides encryption for instant messaging conversations. OTR uses a combination of AES symmetric-key algorithm with 128 bits key length, the Diffie–Hellman key exchange with 1536 bits group size, and the SHA-1 hash function. In addition to authentication and encryption, OTR provides forward secrecy and malleable encryption.

The primary motivation behind the protocol was providing deniable authentication for the conversation participants while keeping conversations confidential, like a private conversation in real life, or off the record in journalism sourcing. This is in contrast with cryptography tools that produce output which can be later used as a verifiable record of the communication event and the identities of the participants. The initial introductory paper was named “Off-the-Record Communication, or, Why Not To Use PGP”.[1]

source
Sort:hotnewtop