- Off-the-Record Messaging
Off-the-Record Messaging, commonly referred to as OTR, is a cryptographic protocol that provides strong encryption for instant messaging conversations. OTR uses a combination of the AES symmetric-key algorithm, the Diffie–Hellman key exchange, and the SHA-1 hash function. In addition to authentication and encryption, OTR provides perfect forward secrecy and malleable encryption.
The primary motivation behind the protocol was providing deniability for the conversation participants while keeping conversations confidential, like a private conversation in real life, or off the record in journalism sourcing. This is in contrast with other cryptography tools that produce output which can be later used as a verifiable record of the communication event and the identities of the participants. In most cases, people using such cryptography software are not aware of this and might be better served by OTR tools instead. The initial introductory paper was named "Off-the-Record Communication, or, Why Not To Use PGP".
The OTR protocol was designed by cryptographers Ian Goldberg and Nikita Borisov. They provide a client library to facilitate support for instant messaging client developers who want to implement the protocol and a special OTR-proxy for AIM, ICQ, and .Mac clients which support proxies. A Pidgin and Kopete plugin exists that allows OTR to be used over any IM protocol supported by Pidgin or Kopete, offering an auto-detection feature that starts the OTR session with the buddies that have it enabled, without interfering with regular, unencrypted conversations.
In addition to providing encryption and authentication — features also provided by typical public-key cryptography suites, such as PGP, GnuPG, and X.509 (S/MIME) — OTR also offers some less common features:
- Perfect forward secrecy: Messages are only encrypted with temporary per-message AES keys, negotiated using the Diffie-Hellman key exchange protocol. The compromise of any long-lived cryptographic keys does not compromise any previous conversations, even if an attacker is in possession of ciphertexts.
- Deniable authentication: Messages in a conversation do not have digital signatures, and after a conversation is complete, anyone is able to forge a message to appear to have come from one of the participants in the conversation, assuring that it is impossible to prove that a specific message came from a specific person. Within the conversation the recipient can be sure that a message is coming from the person they have identified.
As of OTR 3.1 the protocol supports mutual authentication of users using a shared secret through the socialist millionaire protocol. This feature makes it possible for users to verify the identity of the remote party and avoid a man in the middle attack without the inconvenience of manually comparing public key fingerprints through an outside channel.
Due to limitations of the protocol, OTR does not support multi-user group chat as of 2009 or encrypted file transfers, but these may be implemented in the future. Support for encrypted audio or video is not planned.
These clients support Off-the-Record Messaging out of the box.
- Adium (Mac OS X), but an older version.
- climm (Unix-like), since (mICQ) 0.5.4.
- MCabber (Unix-like), since 0.9.4
- CenterIM (Unix-like), since 4.22.2
- Phoenix Viewer (successor of Emerald Viewer), a Second Life client (Cross-platform)
- Vacuum IM (Cross-platform) 
- Jitsi (Cross-platform)
- BitlBee (Cross-platform), since 3.0 (optional at compile-time)
- Spark (cross-platform) since 2.6.2
The following clients require a plug-in to use Off-the-Record Messaging. Plugin support allows use of OTR with all of a client's implemented instant messaging protocols (e.g. OSCAR, XMPP, MSN, YIM/YMSG etc.).
- Pidgin (Cross-platform), with an plugin available from the OTR homepage
- Kopete (Unix-like), either with a third-party plugin or, since the addition of Kopete-OTR on 12th of March 2008, with the version of Kopete shipped with KDE 4.1.0 and later releases.
- Miranda IM (Microsoft Windows), with a third-party plugin
- Psi (Cross-platform), with a third-party plugin and build, in Psi+ native usable
- Trillian (Microsoft Windows), with a third-party plugin
- irssi, with a third-party plugin
For those clients which have no native OTR support, a GUI proxy is available. That means that the messages are sent to the proxy unencrypted and get encrypted while they "flow" through this locally installed and running application called a proxy. Currently, the proxy provided by the OTR-project supports only the OSCAR-protocol, thus it can be used for .Mac, ICQ, Sametime, and AIM. The OTR proxy is capable of SOCKS5, HTTPS, and HTTP.
Some .Mac, ICQ, and AIM clients that support proxies, but do not support OTR natively:
"TextSecure", a free Android application released by Whisper Systems in 2010, provides secure SMS text messaging using a protocol based on OTR (with ECC keys instead of Diffie-Helman keys, to save space). 
"ChatSecure", (formerly "Off the Record") a free open-source iPhone application (in early development) providing OTR encryption over the AIM and XMPP protocols.
- ^ Nikita Borisov, Ian Goldberg, Eric Brewer (2004-10-28). "Off-the-Record Communication, or, Why Not To Use PGP" (PDF). Workshop on Privacy in the Electronic Society. http://www.cypherpunks.ca/otr/otr-wpes.pdf. Retrieved 2006-08-29.
- ^ "lists.cypherpunks.ca/pipermail/otr-users/2009-May/001647.html". http://lists.cypherpunks.ca/pipermail/otr-users/2009-May/001647.html.
- ^ "Phoenix Viewer". http://www.phoenixviewer.com/.
- ^ "Emerald Viewer". http://modularsystems.sl/.
- ^ "Vacuum IM". https://code.google.com/p/vacuum-im/.
- ^ "Release of Spark 2.6.2". http://community.igniterealtime.org/blogs/ignite/2011/06/22/release-of-spark-261.
- ^ "OTR plugin for pidgin". http://www.cypherpunks.ca/otr/#downloads.
- ^ "OTR Plugin for Kopete". http://kopete-otr.follefuder.org/.
- ^ "kopete-otr in KDE for 4.1". http://kopete-otr.follefuder.org/news.html.
- ^ "kopete-otr review request". http://lists.kde.org/?t=120397998900007&r=1&w=2.
- ^ "Miranda OTR Plugin". https://code.google.com/p/mirotr/.
- ^ Psi-Patches and OTR-Plugin on tfh-berlin.de
- ^ Website of the Psi-Developperversion Psi+
- ^ "Trillian OTR". http://trillianotr.kittyfox.net/.
- ^ "irssi-otr". http://irssi-otr.tuxfamily.org.
- ^ Android apps for encrypting calls and texts The H, 27 May 2010
- ^ FAQ: How does TextSecure provide encrypted texting?
- ^ Gibberbot: Secure Instant Messaging
- ^ Gibberbot (on GitHub)
- ^ "Off the Record for iOS". https://github.com/chrisballinger/Off-the-Record-iOS.
- Joseph Bonneau, Andrew Morrison (2006-03-21) (PDF). Finite-State Security Analysis of OTR Version 2. http://www.jbonneau.com/OTR_analysis.pdf. Retrieved 2006-10-24.
- OTR project site
- Protocol description
- Off-the-Record Messaging: Useful Security and Privacy for IM, talk by Ian Goldberg at the University of Waterloo (video).
- OTR installation Detailed installation instructions for various platforms.
Wikimedia Foundation. 2010.
Look at other dictionaries:
Off-the-Record Messaging — Entwickler Das OTR Team Aktuelle Version 3.2.0 (15. Juni 2008) Betriebssystem Microsoft Windows, Linux, FreeBSD … Deutsch Wikipedia
Off-the-record messaging — Off the Record Messaging, appelé communément OTR, est un protocole cryptographique. Sommaire 1 Description 2 Disponibilité 2.1 D origine dans 2.2 Sous forme de plugin … Wikipédia en Français
Off-the-Record Messaging — Off the Record Messaging, appelé communément OTR, est un protocole cryptographique. Sommaire 1 Description 2 Disponibilité 2.1 D origine dans 2.2 Sous forme de plugin … Wikipédia en Français
Off-the-Record Messaging — OTR (Off the Record) encryption протокол шифрования сообщений для сетей обмена мгновенных сообщений, созданный Никитой Борисовым и Ианом Голдбергом (англ. Ian Goldberg). Авторами создана библиотека, распространяемая под лицензией GNU… … Википедия
Off the record — is a term related to journalism sourcing; see Journalism sourcing#Using confidential information. Off the record may also refer to: Contents 1 Music 2 Television … Wikipedia
The CW Television Network — Type Broadcast television network … Wikipedia
The Lion King — This article is about Disney s 1994 film. For the franchise, see The Lion King (franchise). For the ferry, see MS Kongshavn. The Lion King … Wikipedia
OTR Messaging — Off the Record Messaging Entwickler: cypherpunks Aktuelle Version: 3.2.0 (15. Juni 2008) Betriebssystem: Microsoft Windows, Linux, FreeBSD, NetBSD, Mac OS X … Deutsch Wikipedia
Extensible Messaging and Presence Protocol — Familie: Internetprotokollfamilie Einsatzgebiet: Instant Messaging Ports: 5222/TCP (Client zu Server) 5269/TCP (Server zu Server) Legacy SSL: 5223/TCP (SSL) XMPP im TCP/IP‑Protokollstapel: Anwendung … Deutsch Wikipedia
Proteus (instant messaging client) — Infobox Software name = Proteus caption = Proteus in action developer = Proteusapps released = ? frequently updated = no, abandoned programming language = Cocoa operating system = Mac OS X language = genre = Instant messaging client license =… … Wikipedia