Off-the-Record Messaging

From Wikipedia, the free encyclopedia

Example of an OTR instance, the window on the left shows messages as received by iChat and on the right is Adium
Example of an OTR instance, the window on the left shows messages as received by iChat and on the right is Adium

Off-the-Record Messaging, commonly referred to as OTR, is a cryptographic protocol that provides strong encryption for instant messaging conversations. OTR uses a combination of the AES symmetric-key algorithm, the Diffie-Hellman key exchange, and the SHA-1 hash function. In addition to authentication and encryption, OTR provides perfect forward secrecy and deniable encryption. This is not to be confused with the "off the record" setting in Google Talk, which merely disables logging.

The primary motivation behind the protocol was providing deniability for the conversation participants while keeping conversations confidential, like a private conversation in real life, or off the record in journalism sourcing. This is in contrast with the majority of cryptography tools where, once signed, a cryptographic signature can be proved at a later date. Hence the initial introductory paper was named "Off-the-Record Communication, or, Why Not To Use PGP".[1]

The OTR protocol was designed by Ian Goldberg and Nikita Borisov, both of whom have considerable backgrounds in cryptography. They provide a client library to facilitate support for instant messaging client developers who want to implement the protocol and a special OTR-proxy for AIM, ICQ, and .Mac clients which support proxies.

Contents

In addition to providing encryption and authentication — features also provided by typical public-key cryptography suites, such as PGP, GnuPG, and X.509 (S/MIME) — OTR also offers some less common features:

  • Perfect forward secrecy: Messages are only encrypted with temporary per-message AES keys, negotiated using the Diffie-Hellman key exchange protocol. The compromise of any long-lived cryptographic keys does not compromise any previous conversations, even if an attacker is in possession of ciphertexts.
  • Deniable authentication: Messages in a conversation do not have digital signatures, and after a conversation is complete, anyone is able to forge a message to appear to have come from one of the participants in the conversation, assuring that it is impossible to prove that a specific message came from a specific person.

As most instant messaging encryption software, OTR does not currently have any means for systematically establishing the authenticity of the participants of a conversation. Typically, users will employ a separate web of trust such as the PGP suite for signing and verifying each other's public key fingerprints. Alternatively, participants can verify each others' fingerprints through a trusted and tamper-resistant channel, such as meeting up in real life.

Due to limitations of the protocol, OTR does not currently support multi-user groupchat or encrypted file transfers. No support for these is currently being anticipated by the authors.

The following clients have native Off-the-Record Messaging support. That includes, that they make OTR usable for all instant messaing protocols which were implemented (e.g. OSCAR, Jabber, MSN, YIM/YMSG etc.).

For those clients which have no native OTR support, a proxy is available. That means that the messages are sent to the proxy unencrypted and get encrypted while they "flow" through this locally installed and running application called a proxy. Presently the proxy provided by the OTR-project supports only the OSCAR-protocol, thus it can be used for .Mac, ICQ, and AIM. The OTR proxy is capable of SOCKS5, HTTPS, and HTTP.

Some .Mac, ICQ, and AIM clients that support proxies, but don't support OTR natively:

  1. ^ Nikita Borisov, Ian Goldberg, Eric Brewer (2004-10-28). "Off-the-Record Communication, or, Why Not To Use PGP" (PDF). Workshop on Privacy in the Electronic Society. Retrieved on 2006-08-29. 
Retrieved from "http://en.wikipedia.org../../../o/f/f/Off-the-Record_Messaging_d9b3.html"
Advanced Search
Included Web Search Engines


Safe Search

close

Top Matching Results

Occasionally Search.com will highlight specialized results that are based on the context of your query. Examples of specialized results include specific links to news, images, or video.

Top Matching Results may highlight information from other Search.com pages, content from the CNET Network of sites, or third party content. The listings are based purely on relevance. Search.com does not receive payment for listings in this section but our partners that provide this data may get paid for listing these products.

Sponsored Links

This section contains paid listings which have been purchased by companies that want to have their sites appear for specific search terms and related content. These listings are administered, sorted and maintained by a third party and are not endorsed by Search.com.

Search Results

Search.com sends your search query to several search engines at one time and integrates the results into one list which has been sorted by relevance using Search.com's proprietary algorithm. You can customize the list of search engines included in your metasearch from the preferences.

The search engines that are used in your metasearch may allow companies to pay to have their Web sites included within the results. To view the Paid Inclusion policy for a specific search engine, please visit their Web site. Search.com does not accept payment or share revenue with any search engine partner for listings in this section.