IRC Archive / Oftc / #tor / 2015 / October / 28 / 1
Guest6841
anyone want to help re-teach me how to set up an otr chat?
cacahuatl
http://crypty22ijtotell.onion/handbook/chapter_12_instant_messaging_encryption/chapter_12_instant_messaging_encryption.html#setting-up-encrypted-instant-messaging further discussion should be taken to #nottor since otr isn't really tor
Guest6841
well, I meant using otr while on the tor network. So I would think it at least semi applies :)
cacahuatl
No, it doesn't.
Guest6841
as that howto seems a bit lean on getting otr to run through tor.
arma
guest6841: if you want to be a super early adopter, there's https://dist.torproject.org/tormessenger/0.1.0b1/
Guest6841
but I can certainly ask on #nottor
cacahuatl
Or tails has pidgin setup with OTR and ready to use tor too
Guest6841
arma I am really looking for someone to help me and connect with me using OTR pidgin. just as a hands on howto. I am routing all through tor, but not sure how to setup pidgin with otr to the correct server, how to connect to someone etc. Someone here helped me do this ages ago and chatted with them for a while, but I don't remember the steps, and I think they hopped user names a lot
I have pidgin and OTR installed. just looking for someone to chat with OTR that can also help me with making sure my setup is correct
         

arma
guest6841: the above tor messenger beta1 aims to be both easier to use than pidgin+otr+tor, but also safer.
(pidgin uses libpurple, which is a disaster in terms of security.)
Guest6841
arma, that's cool, but I'd first like to make sure I know how to use pidgin, otr, tor as this seems the most commonly used.
cacahuatl
Adopting the legacy problems of a community as a new user is probably not the best starting point.
Guest6841
I don't really understand adding the proper servers, verifying chat partner, etc. did it before but had someone walk me through it. Once I have a grasp on it I'm certainly open to trying some different methods. I just need to gain the basic understanding of what's going on first.
cacahuatl
Generally though, using pidgin with OTR over Tor, is the same as using pidgin with OTR anywhere else, except with some SOCKS settings added.
Guest6841
cacahuatl - I am on whonix, so the tor setup is already done
I just don't have anyone to OTR chat with :)
cacahuatl
You should still use SOCKS for circuit isolation purposes, as per the Whonix documentation.
Guest6841
hmm, i didn't know that
cacahuatl
add a username and password to your socks proxy settings too, like "xmpp:xmpp" or whatever, then they won't share circuits with your browser, etc.
Guest6841
cacahuatl my understanding is that whonix has some app settings, xchat for example, already set to stream isolation using socks proxy. other apps such as browsers may go through the transport so no stream isolation. I am not finding anything on the whonix site to stream isolate pidign however
pidgin
cacahuatl
Right, so point it at the gateway SOCKS and give it a username and password and it'll be isolated.
whitanne_
why does the tor browser use socks5 instead of socks4a?
Guest6841
i may be wrong though as I'm certainly not very knowledgeable on this stuff, thus the reason I'm looking for someone to help me set up an OTR chat with them
cacahuatl - that makes sense, but doesn't whonix have several gateway socks proxies, each running on a different port for each different app?
cacahuatl
whitanne_ I don't think socks4a is officially defined anywhere
Guest6841
I thought each socks needed to be setup on the gateway with its own user / pass for each app that you want isolated. NO?
cacahuatl
Sure, that works too, that's also how tails does most of its isolation.
whitanne_
cacahuatl: what do you mean?
cacahuatl
There is no RFC for SOCKS4a, it's a sort of ad-hoc feature to SOCKS4.
Whereas SOCKS5 has an RFC
kidoodik
arm (without sudo) gives [Errno 13] Permission denied: '/var/lib/tor/control_auth_cookie'
then I run with sudo and arm says it shouldn't be run with sudo
what to do
cacahuatl
`usermod -a -G debian-tor $your_username_here` or `sudo -u debian-tor arm`
the latter is probably least likely to lead to fail later on
         

kidoodik
I'm not using Debian
cacahuatl
well, whatever the group is :)
or whatever user that tor is running under
kidoodik
tor was started with systemctl
/usr/bin/tor -f /etc/tor/torrc
cacahuatl
Consult the documentation for your operating system as to what user tor runs as
junglefowl
`ls -l /var/lib/tor/control_auth_cookie` gives you a clue about user/group
kidoodik
-rw------- 1 tor tor
cacahuatl
`sudo -u tor arm`
kidoodik
thanks
[ARM_NOTICE] Tor needs root permissions to start with this configuration (it will drop itself to the current user afterward). To continue...
arma
cacahuatl: running arm as the tor user is bad news.
better to add yourself to the tor group and then run arm as yourself
https://trac.torproject.org/projects/tor/ticket/10702
cacahuatl
hmmm, I see, the group gets the control port access but not the private keys.
kidoodik
sudo -u tor myusername?
sudo arm
after adding my user to tor group?
cacahuatl
the first option
`usermod -a -G tor $your_username` will "append" the tor group to your user, giving you access to the cookie
arma
no, not even sudo. see item 14 on https://www.torproject.org/docs/tor-relay-debian
cacahuatl
then just run arm as your user (after you relog)
arma
right
kidoodik
I forgot to logout
[Errno 13] Permission denied: '/var/lib/tor/control_auth_cookie'
without sudo
cacahuatl
Oh, you may also need to add 'CookieAuthFileGroupReadable 1' to your torrc
and reload tor (I don't know if it would require a full restart off-hand?)
kidoodik
cacahuatl: edit /etc/tor/torrc?
cacahuatl
right, and append that line.
kidoodik
or torrc in home folder
okay
cacahuatl
er, I don't know why there'd be one in a home folder
kidoodik
Vidalia used to create it
I uninstalled Vidalia
cacahuatl
Yeah, it's not going to be relevant then
kidoodik
;)
cacahuatl: I got the same error
[warn] CookieAuthFileGroupReadable is set, but will have no effect: you must specify an explicit CookieAuthFile to have it group-readable.
which is /var/lib/tor/control_auth_cookie
right
arm won't run without sudo
my distro's documentation says that I should start arm with sudo -u tor arm
cacahuatl
Care to link to it? Also did you restart tor after adding that line to the torrc?
kidoodik
cacahuatl
and also if you did, can you do the `ls -al /var/lib/tor/control_auth_cookie` again and check that it's now group readable
I'd disregard the archwiki in this instance and trust the tor dev who told you otherwise ;) and the reasons on the trac ticket
kidoodik
-rw-r----- 1 tor tor
cacahuatl
and if you type `groups` you see 'tor' in this list?
kidoodik
yes
tor.service includes ExecStart=/usr/bin/tor -f /etc/tor/torrc
user=tor
cacahuatl: arm is working
cacahuatl
oh, okay, I thought that was still b0rked.
kidoodik
oh wait
cacahuatl
But as pointed out on the trac ticket, the tor user has access to things like private keys, while the tor group does not. So it is better to assume the least authority required.
kidoodik
it's working because I stopped Tor.
Tor Disconnected (press r to reconnect)
now that tor.service is running, arm won't work without sudo
cacahuatl
when you're doing ls -al, are you doing it as root? :P
kidoodik
yes :( ls: cannot access /var/lib/tor/control_auth_cookie: Permission denied