Off-the-Record Messaging

Off-the-Record Messaging (OTR) is a cryptographic protocol that provides encryption for instant messaging conversations. OTR uses a combination of AES symmetric-key algorithm with 128 bits key length, the Diffie–Hellman key exchange with 1536 bits group size, and the SHA-1 hash function. In addition to authentication and encryption, OTR provides forward secrecy and malleable encryption.

The primary motivation behind the protocol was providing deniable authentication for the conversation participants while keeping conversations confidential, like a private conversation in real life, or off the record in journalism sourcing. This is in contrast with other cryptography tools that produce output which can be later used as a verifiable record of the communication event and the identities of the participants. The initial introductory paper was named "Off-the-Record Communication, or, Why Not To Use PGP".^[1]

The OTR protocol was designed by cryptographers Ian Goldberg and Nikita Borisov and released on 26 October 2004.^[2] They provide a client library to facilitate support for instant messaging client developers who want to implement the protocol. A Pidgin and Kopete plugin exists that allows OTR to be used over any IM protocol supported by Pidgin or Kopete, offering an auto-detection feature that starts the OTR session with the buddies that have it enabled, without interfering with regular, unencrypted conversations.

Implementation

In addition to providing encryption and authentication — features also provided by typical public-key cryptography suites, such as PGP, GnuPG, and X.509 (S/MIME) — OTR also offers some less common features:

Forward secrecy: Messages are only encrypted with temporary per-message AES keys, negotiated using the Diffie-Hellman key exchange protocol. The compromise of any long-lived cryptographic keys does not compromise any previous conversations, even if an attacker is in possession of ciphertexts.
Deniable authentication: Messages in a conversation do not have digital signatures, and after a conversation is complete, anyone is able to forge a message to appear to have come from one of the participants in the conversation, assuring that it is impossible to prove that a specific message came from a specific person. Within the conversation the recipient can be sure that a message is coming from the person they have identified.

Authentication

As of OTR 3.1, the protocol supports mutual authentication of users using a shared secret through the socialist millionaire protocol. This feature makes it possible for users to verify the identity of the remote party and avoid a man-in-the-middle attack without the inconvenience of manually comparing public key fingerprints through an outside channel.

Limitations

Due to limitations of the protocol, OTR does not support multi-user group chat as of 2009^[3] but may be implemented in the future. As of version 3^[4] of the protocol specification, an extra symmetric key is derived during authenticated key exchanges that can be used for secure communication (e.g., encrypted file transfers) over a different channel. Support for encrypted audio or video is not planned. (SRTP with ZRTP exists for that purpose.)

Since OTR protocol v3 (pidgin-otr 4.0.0 and libotr 4.0.0) the plugin supports multiple OTR conversations with the same buddy who is logged in at multiple locations.^[5]

Client support

libotr
Developer(s)	OTR Development Team
Stable release	4.0.1 / 21 October 2014 (2014-10-21)
Development status	active
Written in	C
Operating system	Cross-platform
Type	Software Library
License	LGPL v2.1+^[6]
Website	https://otr.cypherpunks.ca/index.php#downloads

Native

These clients support Off-the-Record Messaging out of the box.

Adium (OS X)
Blink SIP client (OS X)
BitlBee (cross-platform), since 3.0 (optional at compile-time)^[7]
CenterIM (Unix-like), since 4.22.2
ChatSecure (Android, iOS)
climm (Unix-like), since (mICQ) 0.5.4
Conversations (Android)
Cryptocat (cross-platform), since 2.0
IronChat, based on Xabber development (Android)
Jitsi (cross-platform)
Kadu (software) (cross-platform), since 1.0 ^[8]
Kopete (Unix-like)^[9]^[10]
LeechCraft (cross-platform)^[11]^[12]
MCabber (Unix-like), since 0.9.4^[13]
Profanity, since 0.4.1
Psi+ (cross-platform)^[14]^[15]
Signal (iOS)
TextSecure (Android)
Textual 5 (OS X), since 5.1.2
Xabber (Android)

Via plug-in

Off-The-Record authentication in Pidgin using Socialist millionaires protocol

The following clients require a plug-in to use Off-the-Record Messaging.

Gajim, with a third-party plugin^[16]^[17] (no longer maintained and deprecated^[18])
irssi and xchat, with a third-party plugin^[19]
Miranda IM (Microsoft Windows), with a third-party plugin^[20]
Pidgin (cross-platform), with a plugin available from the OTR homepage^[21]
Psi (cross-platform), with a third-party plugin and build^[22]
Tkabber (cross-platform, since version 1.1), with a plugin from the Tkabber developers^[23]
WeeChat, with a third-party plugin^[24]

Not in Google Talk

Although Gmail's Google Talk uses the term "off the record", the feature has no connection to the Off-the-Record Messaging protocol described in this article, its chats are not encrypted in the way described above - and could be logged internally by Google even if not accessible by end-users.^[25]^[26]

References

↑ Nikita Borisov, Ian Goldberg, Eric Brewer (2004-10-28). "Off-the-Record Communication, or, Why Not To Use PGP" (PDF). Workshop on Privacy in the Electronic Society. Retrieved 2014-03-06.
↑ Ian Goldberg (2014-10-26). [OTR-users] Happy 10th anniversary!. Retrieved 2015-04-27.
↑ Ian Goldberg (May 27, 2009). "multi-party OTR communications? (and other OTR details)". OTR-users mailing list.
↑ "Off-the-Record Messaging Protocol version 3".
↑ Ian Goldberg (September 4, 2012). "pidgin-otr and libotr 4.0.0 released!". OTR-announce mailing list.
↑ "Off-the-Record Messaging".
↑ "BitlBee Wiki". Wiki.bitlbee.org. 2014-01-25. Retrieved 2014-05-15.
↑ "Kadu 1.0 Release Notes".
↑ "kopete-otr in KDE for 4.1".
↑ "kopete-otr review request".
↑ 0xd34df00d. "OTR Plugin". Github.com. Retrieved 2014-05-15.
↑ "Short description". Leechcraft.org. Retrieved 2014-05-15.
↑ "source code". Mcabber.com. 2013-10-25. Retrieved 2014-05-15.
↑ "OTR Plugin". Github.com. Retrieved 2014-05-15.
↑ "Psi+ snapshots". Github.com. Retrieved 2014-05-15.
↑ "OTR plugin for Gajim".
↑ "Gajim Wiki".
↑ gajim-otr project: This software is experimental and potentially insecure. Do not rely on it
↑ "irssi-otr / xchat-otr plugin".
↑ "Miranda OTR Plugin".
↑ "OTR plugin for pidgin".
↑ "Psi-Patches and OTR-Plugin on". Tfh-berlin.de. Retrieved 2014-05-15.
↑ "Tkabber OTR Plugin".
↑ "OTR plugin for WeeChat".
↑ "Chatting off the record - Talk Help".
↑ "Google Talk - Privacy Policy".

External links

OTR project site
Protocol specification
Off-the-Record Messaging: Useful Security and Privacy for IM, talk by Ian Goldberg at the University of Waterloo (video)
'Off-the-Record' Instant Messaging Tutorial (encryption, authentication, deniability, ..) on YouTube

Cryptographic software

Email clients

Secure Messaging

OTR	Adium BitlBee Centericq ChatSecure climm Cryptocat Jitsi Kopete MCabber Profanity Signal TextSecure

SSH	Dropbear lsh OpenSSH PuTTY SecureCRT WinSCP

TLS & SSL	Bouncy Castle BoringSSL Botan cryptlib GnuTLS JSSE LibreSSL MatrixSSL NSS OpenSSL mbed TLS RSA BSAFE SChannel SSLeay stunnel wolfSSL RetroShare

VPN	Check Point VPN-1 Hamachi Openswan OpenVPN SoftEther VPN strongSwan

ZRTP	CSipSimple Jitsi Linphone RedPhone SFLphone Signal Zfone

Disk encryption
(Comparison)

Anonymity

Cryptographic file systems

Educational

CrypTool

Related topics

Category
Commons
Portal

Free and open-source software

General	Alternative terms for free software Comparison of open source and closed source Comparison of open-source software hosting facilities Formerly proprietary software Free and open-source Android applications Free and open-source software packages Free software Free software events Free software movement Free software project directories Free software web applications Gratis versus libre Long-term support Open-source software Outline SPDX

Operating system families	AROS BSD Contiki Darwin eCos FreeDOS GNU Haiku Inferno Linux Mach MINIX OpenSolaris Plan 9 ReactOS TUD:OS

Development	Basic For Qt Eclipse Free Pascal FreeBASIC Gambas GCC Java Julia LLVM Lua NetBeans Open64 OpenSSH Perl PHP Python ROSE Ruby Smalltalk Tcl

History	GNU Haiku Linux Mozilla Application Suite Firefox Thunderbird

Organizations	Android Open Source Project Apache Software Foundation Blender Foundation The Document Foundation Eclipse Foundation Free Software Foundation Europe India Latin America FreeBSD Foundation freedesktop.org FSMI GNOME Foundation GNU Project Google Code KDE e.V. Linux Foundation Mozilla Foundation Open Knowledge Foundation Open Source Geospatial Foundation Open Source Initiative OpenBSD Foundation Software Freedom Conservancy SourceForge Symbian Foundation Ubuntu Foundation VideoLAN Organization Wikimedia Foundation X.Org Foundation Xiph.Org Foundation XMPP Standards Foundation

Licenses	Apache APSL Artistic Beerware Boost BSD CC0 CDDL EPL GNU GPL GNU LGPL ISC MIT MPL Ms-PL/RL WTFPL zlib

License types and standards	Comparison of free and open-source software licenses Contributor License Agreement Copyfree Copyleft Debian Free Software Guidelines Definition of Free Cultural Works Free license The Free Software Definition The Open Source Definition Open-source license Permissive free software licence Public domain Viral license

Challenges	Binary blob Digital rights management Free and open-source graphics device driver Comparison of open-source wireless drivers Hardware restrictions License proliferation Mozilla software rebranding Proprietary software SCO–Linux controversies Secure boot Software patents Software security Trusted Computing

Related topics	The Cathedral and the Bazaar Forking Linux distribution Microsoft Open Specification Promise Revolution OS

Book Category Commons Portal