
Off-the-record messaging: Difference between revisions

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license.
Revision as of 22:56, 3 February 2009 by 72.14.227.1 (talk): removed non NPOV material "Unfortunately" etc.
Revision as of 00:58, 25 February 2009 by Tothwolf (talk | contribs), minor edit: Use preferred wikilink for CenterIM
Line 35: Line 35:
* ] (]), since (mICQ) 0.5.4. * ] (]), since (mICQ) 0.5.4.
* ] (]), since 0.9.4 * ] (]), since 0.9.4
* ] (]), since 4.22.2 * ] (]), since 4.22.2


===Via plug-in=== ===Via plug-in===

Revision as of 00:58, 25 February 2009

Figure (Adium OTR example.jpg): Example of an OTR instance. The window on the left shows messages as received by iChat; the window on the right is Adium.

Off-the-Record Messaging, commonly referred to as OTR, is a cryptographic protocol that provides strong encryption for instant messaging conversations. OTR uses a combination of the AES symmetric-key algorithm, the Diffie-Hellman key exchange, and the SHA-1 hash function. In addition to authentication and encryption, OTR provides perfect forward secrecy and malleable encryption.

The primary motivation behind the protocol was to provide deniability for the conversation participants while keeping conversations confidential, like a private conversation in real life or an off-the-record exchange in journalism sourcing. This contrasts with the majority of cryptography tools, whose output more closely resembles signed writing on paper that can later be used as a record to demonstrate the communication event, the participants, and the topic of communication. In most cases people using ordinary cryptography software are not aware of this and might be better served by OTR tools instead. The initial introductory paper was named "Off-the-Record Communication, or, Why Not To Use PGP".

The OTR protocol was designed by cryptographers Ian Goldberg and Nikita Borisov. They provide a client library for instant messaging client developers who want to implement the protocol, and a special OTR proxy for AIM, ICQ, and .Mac clients that support proxies.

Implementation

In addition to providing encryption and authentication — features also provided by typical public-key cryptography suites, such as PGP, GnuPG, and X.509 (S/MIME) — OTR also offers some less common features:

  • Perfect forward secrecy: Messages are only encrypted with temporary per-message AES keys, negotiated using the Diffie-Hellman key exchange protocol. The compromise of any long-lived cryptographic keys does not compromise any previous conversations, even if an attacker is in possession of ciphertexts.
  • Deniable authentication: Messages in a conversation do not have digital signatures, and after a conversation is complete, anyone is able to forge a message to appear to have come from one of the participants in the conversation, ensuring that it is impossible to prove that a specific message came from a specific person.
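
An added example (not part of the original article, and not the OTR library's code) of why authentication with a shared MAC key instead of a signature is deniable: both parties hold the same key, so a valid tag does not show who wrote a message, and once that key is known the malleable ciphertext can be rewritten by anyone. Assumptions: a toy Diffie-Hellman group, SHA-256 in counter mode standing in for AES, HMAC-SHA-256 as the MAC, and hypothetical function names throughout.

```python
import hashlib, hmac, secrets

# Toy Diffie-Hellman group, constructed for this demo (far too small for real use).
P, G = 2**127 - 1, 3

def dh_keypair():
    """Fresh ephemeral exponent and public value; discarding it gives forward secrecy."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def derive_keys(shared):
    """Both sides derive the same (encryption key, MAC key) pair from the DH secret."""
    s = shared.to_bytes(16, "big")
    return hashlib.sha256(b"enc" + s).digest(), hashlib.sha256(b"mac" + s).digest()

def keystream(key, n):
    """SHA-256 in counter mode, a stdlib stand-in for an AES counter-mode keystream."""
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def tag(mac_key, ct):
    return hmac.new(mac_key, ct, hashlib.sha256).digest()

def seal(enc_key, mac_key, msg):
    """Encrypt with the keystream, then authenticate with a MAC (no digital signature)."""
    ct = xor(msg, keystream(enc_key, len(msg)))
    return ct, tag(mac_key, ct)

def verify(mac_key, ct, t):
    return hmac.compare_digest(tag(mac_key, ct), t)

def rewrite(ct, guessed_plain, new_plain, mac_key):
    """Needs only the MAC key and a guessed plaintext, not the encryption key."""
    new_ct = xor(ct, xor(guessed_plain, new_plain))  # stream ciphers are malleable
    return new_ct, tag(mac_key, new_ct)

def demo():
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    a_enc, a_mac = derive_keys(pow(b_pub, a_priv, P))
    b_enc, b_mac = derive_keys(pow(a_pub, b_priv, P))
    ct, t = seal(a_enc, a_mac, b"meet at noon")          # constructed sample message
    genuine_ok = verify(b_mac, ct, t)
    f_ct, f_t = rewrite(ct, b"meet at noon", b"meet at nine", a_mac)
    forged_ok = verify(b_mac, f_ct, f_t)
    return (a_enc, a_mac) == (b_enc, b_mac), genuine_ok, forged_ok, xor(f_ct, keystream(b_enc, len(f_ct)))
```

Because the rewritten message verifies exactly like the genuine one, a saved transcript with valid tags gives a third party no proof of authorship.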

Authentication

As of OTR 3.1 the protocol supports mutual authentication of users using a shared secret through the socialist millionaire protocol. This feature makes it possible for users to verify the identity of the remote party and avoid a man-in-the-middle attack without the inconvenience of manually comparing public key fingerprints through an outside channel.

Limitations

Due to limitations of the protocol, OTR does not currently support multi-user group chat or encrypted file transfers, but these may be implemented in the future. Support for encrypted audio or video is not planned.

Client support

Native

These clients support Off-the-Record Messaging out of the box.

Via plug-in

The following clients require a plug-in to use Off-the-Record Messaging. Plugin support allows use of OTR with all of a client's implemented instant messaging protocols (e.g. OSCAR, Jabber, MSN, YIM/YMSG etc.).

Proxy

For clients that have no native OTR support, a GUI proxy is available. Messages are sent to the proxy unencrypted and are encrypted as they "flow" through this locally installed and running application. Presently the proxy provided by the OTR project supports only the OSCAR protocol, so it can be used for .Mac, ICQ, Sametime, and AIM. The OTR proxy is capable of SOCKS5, HTTPS, and HTTP.

Some .Mac, ICQ, and AIM clients that support proxies, but don't support OTR natively:

References

  1. Nikita Borisov, Ian Goldberg, Eric Brewer (2004-10-28). "Off-the-Record Communication, or, Why Not To Use PGP" (PDF). Workshop on Privacy in the Electronic Society. Retrieved 2006-08-29.
  2. OTR plugin for pidgin
  3. OTR Plugin for Kopete
  4. kopete-otr in KDE for 4.1
  5. kopete-otr review request
  6. Miranda OTR Plugin
  7. Trillian OTR
  8. irssi-otr