PSST User Manual
(note - PSST II has been completely rewritten.
Updated manual is included in PSST II downloads)
PSST is distributed (for windows) as a single EXE file.
No installation is required. Just copy the file psst.exe to a safe place. You can even store it on a floppy disk if you want.
When you run
PSST, an old-style MS-DOS console window will appear.
This is the PSST user interface (basic, huh!).
Seeding the Random Number Generator
When PSST first runs, it will ask you to type in a line of gibberish.
This is a
precaution for your own safety - it will make sure that the encryption
keys are really secure.
Make sure you type in a full line of crazy stuff.
I've chosen to do this because humans with their unpredictability are a much better source of chaos than software, and chaos is what makes the encryption work.
Having a conversation
To start a
private conversation, either you connect to another party, or they
connect to you.
That's your choice.
If you're the one connecting, then you'll need to know the other person's IP address, or a hostname where their computer can be reached. Vice-versa, if they are connecting to you.
Perhaps the easiest way to start a PSST conversation is:
What about Firewalls?
If you're behind a firewall, the simplest approach is for you to initiate the connection to the other party. Many firewalls restrict inbound connections, but not outbound.
If you and the other party are both behind a firewall, the issue gets a little more tricky. One of you will need to configure the firewall to accept connections on port 4516 and route those connections through to your own PC.
If neither you nor the other party can configure the firewall to allow inbound port 4516 connections, then you may be able to receive connections on another port.
You can run psst with a port number as an argument, to cause PSST to receive incoming connections on that port. Note though that on Linux, you need to be root to receive connections on a port below 1024.
Records of PSST Activity
Note - PSST does not write any registry keys.
It does not store any files, or leave any records of your specific activity anywhere on your computer.
If your computer ever got seized, there would be no record of any specific conversation ever having taken place. All anyone can determine is possibly that you ran the PSST program at some time, but no idea of who you may have communicated with, or how often.
But if you're concerned, you can make sure that nobody even knows you've run PSST. To get this added security, follow this simple procedure:
If you follow these steps, then even if your computer is seized or inspected, a managerial or forensic audit will not reveal that PSST was used or even existed on your machine.
Security Threats
The main
security vulnerabilty of PSST 0.1.1 is a 'Man In The Middle'
(MITM) attack.
This has been solved in version 0.1.2. See downloads page.
Thanks to 0x90, UserX and the correspondents on www.infoanarchy.org
who got on my case and encouraged a more timely fix.
Have fun, and safe chatting :)