OTR, or Off-the-Record Messaging is a protocol used in encryption of Instant Messaging (IM) conversations. OTR uses a combination of AES symmetric-key algorithm with 128 bits key length, the Diffie–Hellman key exchange with 1536 bits group size, and the SHA-1 hash function. In addition to authentication and encryption, OTR provides forward secrecy and malleable encryption.
OTR protocol was created by cryptographers Ian Goldberg and Nikita Borisov, first released on 26 October 2004. Version 4 of OTR is currently in design stage led by Sofía Celi, reviewed by Nik Unger and Ian Goldberg. This OTR version aims to provide online and offline deniability, update to the cryptographic primitives, and support for out-of-order delivery & asynchronous communication.
In addition to providing encryption and authentication – features also provided by typical public-key cryptography suites, such as PGP, GnuPG, and X.509 (S/MIME) — OTR also offers some less common features:
- Forward secrecy: Messages are only encrypted with temporary per-message AES keys, negotiated using the Diffie–Hellman key exchange protocol. The compromise of any long-lived cryptographic keys does not compromise any previous conversations, even if an attacker is in possession of ciphertexts.
Deniable authentication: Messages in a conversation do not have digital signatures, and after a conversation is complete, anyone is able to forge a message to appear to have come from one of the participants in the conversation, assuring that it is impossible to prove that a specific message came from a specific person. Within the conversation the recipient can be sure that a message is coming from the person they have identified.
As of OTR 3.1, the protocol supports mutual authentication of users using a shared secret through the “socialist millionaire” protocol. This feature makes it possible for users to verify the identity of the remote party and avoid a man-in-the-middle attack without the inconvenience of manually comparing public key fingerprints through an outside channel.
However, due to limitations of the protocol, OTR does not support multi-user group chats. Since OTR is handled client-side, ejabberd XMPP server supports OTR out-of-the-box and no additional configuration is required.
Photo by Volodymyr Hryshchenko on Unsplash