What is OTR (or Off-the-Record) messaging?

OTR (or Off-the-Record) messaging is a message encryption protocol for instant messaging. It governs the ongoing update and management of short-lived session keys.

In contrast to the transmission of encrypted messages using OpenPGP (or, in rare cases, using an X.509 certificate), with off-the-record messaging it is no longer possible to determine later whether a particular key was used by a particular person (principle of plausible deniability). This means that once the conversation has ended, no one (not even either of the two communication partners) can prove that one of the communication partners made a certain statement.

This principle is implemented through the combined use of the symmetric cryptographic method Advanced Encryption Standard (AES), Diffie-Hellman key exchange, and the cryptographic hash function SHA-1. A program library and numerous instant messaging programs are available that can use the protocol either directly or via additional modules.

Project's statutes

Encryption

No one can read the messages.

Authentication

You can be sure that the recipient is who you think he is.

Deniability

Encrypted messages do not contain an electronic signature. It is therefore possible for someone to forge messages after a conversation so that they appear to come from oneself. However, during a conversation, the recipient can be certain that the messages received are authentic and unaltered.

Perfect Forward Secrecy

If the (long-lived) private key falls into the hands of a third party, this has no effect on the compromise of previously made calls: The calls cannot be subsequently decrypted with it.


Privacy · Imprint