Overview#Off-the-Record Messaging is a cryptographic protocol that provides encryption for Instant Messaging Applications.
Off-the-Record Messaging uses a combination of AES symmetric Key algorithm with 128 bits key length, the Diffie-Hellman key-Exchange with 1536 bits group size, and the SHA-1 hash Function. In addition to authentication and encryption, Off-the-Record Messaging provides Perfect Forward Secrecy and Homomorphic Encryption.
The primary motivation behind the protocol was providing Repudiation for the conversation participants while keeping conversations confidential, like a private conversation in real life, or off the record in journalism sourcing. This is in contrast with cryptography tools that produce output which can be later used as a verifiable record of the communication event and non-Repudiation identities of the participants.
The Off-the-Record Messaging protocol was designed by cryptographers Ian Goldberg and Nikita Borisov and released on 26 October 2004. They provide a client library to facilitate support for instant messaging client developers who want to implement the protocol. A Pidgin and Kopete plugin exists that allows OTR to be used over any IM protocol supported by Pidgin or Kopete, offering an auto-detection feature that starts the OTR session with the buddies that have it enabled, without interfering with regular, unencrypted conversations.
Off-the-Record Messaging provides:
- Encryption - No one else can read your instant messages.
- Authentication - You are assured the correspondent is who you think it is.
- Deniability - The messages you send do not have Digital Signatures that are checkable by a third-party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he sees are authentic and unmodified.
- Perfect Forward Secrecy - If you lose control of your Private Keys, no previous conversation is compromised.