World Library  
Flag as Inappropriate
Email this Article

Off-the-Record Messaging


Off-the-Record Messaging

Off-the-Record Messaging (OTR) is a cryptographic protocol that provides encryption for instant messaging conversations. OTR uses a combination of AES symmetric-key algorithm with 128 bits key length, the Diffie–Hellman key exchange with 1536 bits group size, and the SHA-1 hash function. In addition to authentication and encryption, OTR provides forward secrecy and malleable encryption.

The primary motivation behind the protocol was providing deniable authentication for the conversation participants while keeping conversations confidential, like a private conversation in real life, or off the record in journalism sourcing. This is in contrast with cryptography tools that produce output which can be later used as a verifiable record of the communication event and the identities of the participants. The initial introductory paper was named "Off-the-Record Communication, or, Why Not To Use PGP".[1]

The OTR protocol was designed by cryptographers Ian Goldberg and Nikita Borisov and released on 26 October 2004.[2] They provide a client library to facilitate support for instant messaging client developers who want to implement the protocol. A Pidgin and Kopete plugin exists that allows OTR to be used over any IM protocol supported by Pidgin or Kopete, offering an auto-detection feature that starts the OTR session with the buddies that have it enabled, without interfering with regular, unencrypted conversations.


  • Implementation 1
  • Authentication 2
  • Limitations 3
  • Client support 4
    • Native 4.1
    • Via plug-in 4.2
    • Not in Google Talk 4.3
  • References 5
  • Further reading 6
  • External links 7


In addition to providing encryption and authentication — features also provided by typical public-key cryptography suites, such as PGP, GnuPG, and X.509 (S/MIME) — OTR also offers some less common features:

  • Forward secrecy: Messages are only encrypted with temporary per-message AES keys, negotiated using the Diffie-Hellman key exchange protocol. The compromise of any long-lived cryptographic keys does not compromise any previous conversations, even if an attacker is in possession of ciphertexts.
  • Deniable authentication: Messages in a conversation do not have digital signatures, and after a conversation is complete, anyone is able to forge a message to appear to have come from one of the participants in the conversation, assuring that it is impossible to prove that a specific message came from a specific person. Within the conversation the recipient can be sure that a message is coming from the person they have identified.


As of OTR 3.1, the protocol supports mutual authentication of users using a shared secret through the socialist millionaire protocol. This feature makes it possible for users to verify the identity of the remote party and avoid a man-in-the-middle attack without the inconvenience of manually comparing public key fingerprints through an outside channel.


Due to limitations of the protocol, OTR does not support multi-user group chat as of 2009[3] but it may be implemented in the future. As of version 3[4] of the protocol specification, an extra symmetric key is derived during authenticated key exchanges that can be used for secure communication (e.g., encrypted Cryptocat, eQualitie, and other contributors including Ian Goldberg.[5][6]

Since OTR protocol v3 (libotr 4.0.0) the plugin supports multiple OTR conversations with the same buddy who is logged in at multiple locations.[7]

Client support

Developer(s) OTR Development Team
Stable release 4.0.1 / 21 October 2014 (2014-10-21)
Development status active
Written in C
Operating system Cross-platform
Type Software Library
License LGPL v2.1+[8]


These clients support Off-the-Record Messaging out of the box.

Via plug-in

Off-The-Record authentication in Pidgin using Socialist millionaires protocol

The following clients require a plug-in to use Off-the-Record Messaging.

Not in Google Talk

Although Gmail's Google Talk uses the term "off the record", the feature has no connection to the Off-the-Record Messaging protocol described in this article, its chats are not encrypted in the way described above - and could be logged internally by Google even if not accessible by end-users.[27][28]


  1. ^  
  2. ^  
  3. ^ Ian Goldberg (May 27, 2009). "multi-party OTR communications? (and other OTR details)". OTR-users mailing list. 
  4. ^ "Off-the-Record Messaging Protocol version 3". 
  5. ^ Nadim Kobeissi (2014-02-01). "mpOTR Project Plan". Cryptocat wiki on GitHub. 
  6. ^ Ian Goldberg, Matthew D. Van Gundy, Berkant Ustaoğlu, and Hao Chen (2009). "Multi-party Off-the-Record Messaging" (PDF). ACM. 
  7. ^ Ian Goldberg (September 4, 2012). "pidgin-otr and libotr 4.0.0 released!". OTR-announce mailing list. 
  8. ^ "Off-the-Record Messaging". 
  9. ^ "BitlBee Wiki". 2014-01-25. Retrieved 2014-05-15. 
  10. ^ "Kadu 1.0 Release Notes". 
  11. ^ "kopete-otr in KDE for 4.1". 
  12. ^ "kopete-otr review request". 
  13. ^ 0xd34df00d. "OTR Plugin". Retrieved 2014-05-15. 
  14. ^ "Short description". Retrieved 2014-05-15. 
  15. ^ "source code". 2013-10-25. Retrieved 2014-05-15. 
  16. ^ "OTR Plugin". Retrieved 2014-05-15. 
  17. ^ "Psi+ snapshots". Retrieved 2014-05-15. 
  18. ^ "OTR plugin for Gajim". 
  19. ^ "Gajim Wiki". 
  20. ^ gajim-otr project: This software is experimental and potentially insecure. Do not rely on it
  21. ^ "irssi-otr / xchat-otr plugin". 
  22. ^ "Miranda OTR Plugin". 
  23. ^ "OTR plugin for pidgin". 
  24. ^ "Psi-Patches and OTR-Plugin on". Retrieved 2014-05-15. 
  25. ^ "Tkabber OTR Plugin". 
  26. ^ "OTR plugin for WeeChat". 
  27. ^ "Chatting off the record - Talk Help". 
  28. ^ "Google Talk - Privacy Policy". 

Further reading

  • Joseph Bonneau, Andrew Morrison (2006-03-21). "Finite-State Security Analysis of OTR Version 2" (PDF). Retrieved 2013-09-05. 
  • Mario Di Raimondo, Rosario Gennaro, and Hugo Krawczyk (2005). "Secure Off-the-Record Messaging" (PDF). Proceedings of the 2005 ACM Workshop on Privacy in the Electronic Society.  

External links

  • Official website
  • Protocol specification
  • Off-the-Record Messaging: Useful Security and Privacy for IM, talk by Ian Goldberg at the University of Waterloo (video)
  • 'Off-the-Record' Instant Messaging Tutorial (encryption, authentication, deniability, ..) on YouTube
This article was sourced from Creative Commons Attribution-ShareAlike License; additional terms may apply. World Heritage Encyclopedia content is assembled from numerous content providers, Open Access Publishing, and in compliance with The Fair Access to Science and Technology Research Act (FASTR), Wikimedia Foundation, Inc., Public Library of Science, The Encyclopedia of Life, Open Book Publishers (OBP), PubMed, U.S. National Library of Medicine, National Center for Biotechnology Information, U.S. National Library of Medicine, National Institutes of Health (NIH), U.S. Department of Health & Human Services, and, which sources content from all federal, state, local, tribal, and territorial government publication portals (.gov, .mil, .edu). Funding for and content contributors is made possible from the U.S. Congress, E-Government Act of 2002.
Crowd sourced content that is contributed to World Heritage Encyclopedia is peer reviewed and edited by our editorial staff to ensure quality scholarly research articles.
By using this site, you agree to the Terms of Use and Privacy Policy. World Heritage Encyclopedia™ is a registered trademark of the World Public Library Association, a non-profit organization.

Copyright © World Library Foundation. All rights reserved. eBooks from Project Gutenberg are sponsored by the World Library Foundation,
a 501c(4) Member's Support Non-Profit Organization, and is NOT affiliated with any governmental agency or department.