Off-the-Record Messaging (OTR) is a cryptographic protocol that provides encryption for instant messaging conversations. OTR uses a combination of AES symmetric-key algorithm with 128 bits key length, the Diffie–Hellman key exchange with 1536 bits group size, and the SHA-1 hash function. In addition to authentication and encryption, OTR provides forward secrecy and malleable encryption.

The primary motivation behind the protocol was providing deniable authentication for the conversation participants while keeping conversations confidential, like a private conversation in real life, or off the record in journalism sourcing. This is in contrast with cryptography tools that produce output which can be later used as a verifiable record of the communication event and the identities of the participants. The initial introductory paper was named "Off-the-Record Communication, or, Why Not to Use PGP". by a team led by Sofía Celi, and reviewed by Nik Unger and Ian Goldberg. This version aims to provide online and offline deniability, to update the cryptographic primitives, and to support out-of-order delivery and asynchronous communication.

According to classified NSA documents published in the Der Spiegel article on 28 December 2014, the NSA intercepted a conversation between two users, but messages could not be decrypted by the NSA because the users were using the OTR protocol.

History

OTR was presented in 2004 by Nikita Borisov, Ian Avrum Goldberg, and Eric A. Brewer as an improvement over the OpenPGP and the S/MIME system at the "Workshop on Privacy in the Electronic Society" (WPES). for ejabberd, making it possible to perform man-in-the-middle attacks on OTR users who don't check key fingerprints. OTR developers countered this attack by introducing a socialist millionaire protocol implementation in libotr. Instead of comparing key checksums, knowledge of an arbitrary shared secret can be utilised for which relatively low entropy can be tolerated.

  • HexChat, with a third-party plugin

<!--

-->

Further reading

  • Protocol specification
  • Implementations of XEP-0364 list of messengers and libraries that supports the OTR.
  • XEP-0364: Current Off-the-Record Messaging Usage
  • Off-the-Record Messaging: Useful Security and Privacy for IM , talk by Ian Goldberg at the University of Waterloo (video)
  • An odyssey of encryption in XMPP an overview of the current support of the OTR in XMPP clients