Off-the-Record Messaging

R.A. Hettinga rah at
Sat Mar 19 08:24:03 EST 2005


Off-the-Record Messaging

News - Downloads - Mailing Lists - Documentation - Frequently Asked
Questions - Press

Off-the-Record (OTR) Messaging allows you to have private conversations
over instant messaging by providing:
No one else can read your instant messages.
You are assured the correspondent is who you think it is.
The messages you send do not have digital signatures that are  checkable by
a third party. Anyone can forge messages after a  conversation to make them
look like they came from you. However,  during a conversation, your
correspondent is assured the messages  he sees are authentic and unmodified.
 Perfect forward secrecy
If you lose control of your private keys, no previous conversation  is

24 Feb 2005
otrproxy-0.2.0 released. Changes from 0.1.x:
	* 	 There's now a GUI! See the README for more details.
 23 Feb 2005
gaim-otr 2.0.1 released. Changes from 2.0.0:
	* 	 Removed people without fingerprints from the Known Fingerprints
	* 	 The column heads in the Known Fingerprints list cause sorting to
happen in the expected way.
 22 Feb 2005
Nikita made a 0.1.2 version of otrproxy for OSX. Changes from 0.1.1:
	* 	 AIM screen names should be compared case- and space- insensitively.
 16 Feb 2005
Version 2.0.1 of libotr released. Changes from 2.0.0:
	* 	 Don't send encrypted messages to a buddy who has disconnected
his private connection with us.
	* 	 Don't show the user the "the last message was resent" notice if
the message has never actually been sent before.
	* 	 Fix a crash bug that happened when messages were retransmitted
under certain circumstances.

 More News...


OTR library and toolkit

This is the portable OTR Messaging Library, as well as the toolkit to help
you forge messages. You need this library in order to use the other OTR
software on this page. [Note that some binary packages, particularly
Windows, do not have a separate library package, but just include the
library and toolkit in the packages below.] The current version is 2.0.1.

Source code (2.0.1)
 Compressed tarball (sig)
 Fedora Core 3 SRPM
[Note that if you're compiling from source on win32, you may need to make
this patch to libgcrypt-1.2.1.]
 Linux/x86 (2.0.1)
 Debian testing/unstable
Debian testing/unstable dev package
Fedora Core 3 RPM
Fedora Core 3 dev RPM
Linux/x86_64 (2.0.1)
 Fedora Core 3 RPM
Fedora Core 3 dev RPM

OTR plugin for gaim

This is a plugin for gaim 1.x which implements Off-the-Record Messaging
over any IM network gaim supports. The current version is 2.0.1. You may
need the above library packages.

Source code (2.0.1)
 Compressed tarball (sig)
 Fedora Core 3 SRPM
Linux/x86 (2.0.1)
 Debian testing/unstable (Debian stable does not have the required 1.x
version of gaim)
 Fedora Core 3 RPM
Linux/x86_64 (2.0.1)
 Fedora Core 3 RPM
Windows (2.0.1)
 Win32 installer (sig)

 OTR localhost AIM proxy

This is a localhost proxy you can use with almost any AIM client in order
to participate in Off-the-Record conversations. The current version is
0.2.0, which means it's still a long way from done. Read the README file
carefully. Some things it's still missing:
	* 	 Username/password authentication to the proxy
	* 	 Having the proxy be able to use outgoing proxies itself
	* 	 Support for protocols other than AIM/ICQ
	* 	 Configurability of the proxy types and ports it uses
 But it should work for most people. Please send feedback to the otr-users
mailing list, or to the dev team. You may need the above library packages.

Source code (0.2.0)
 Compressed tarball (sig)
 Fedora Core 3 SRPM
Linux/x86 (0.2.0)
 Debian testing/unstable
Fedora Core 3 RPM
Windows (0.2.0)
 Win32 installer (sig)
 OSX (0.2.0)
 OSX package

Mailing Lists

If you use OTR software, you should join at least the otr-announce mailing
list, and possibly otr-users (for users of OTR software) or otr-dev (for
developers of OTR software) as well.


Here are some documents and papers describing OTR. The WPES presentation is
quite useful to get started.
	* 	 Protocol description
	* 	The WPES 2004 version of our paper
	* 	Our WPES presentation (Powerpoint)
	* 	Our WPES presentation (PDF)

Frequently Asked Questions
What implementations of Off-the-Record Messaging are there?
Right now, there's the plugin for gaim, which is supported on Linux and
Windows. There's also the OTR proxy, which is supported on Linux, Windows,
and OSX. The OTR functionality is separated into the Off-the-Record
Messaging Library (libotr), which is an LGPL-licensed library that can be
used to (hopefully) easily produce OTR plugins for other IM software, or
for other applications entirely.
 What is the license for the OTR software?
The Off-the-Record Messaging Library is licensed under version 2.1 of the
GNU Lesser General Public License. The Off-the-Record Toolkit, the gaim-otr
plugin, and the OTR proxy are licensed under version 2 of the GNU General
Public License.
 How is this different from the gaim-encryption plugin?
The gaim-encryption plugin provides encryption and authentication, but not
deniability or perfect forward secrecy. If an attacker or a virus gets
access to your machine, all of your past gaim-encryption conversations are
retroactively compromised. Further, since all of the messages are digitally
signed, there is difficult-to-deny proof that you said what you did: not
what we want for a supposedly private conversation!
 How is this different from Trillian's SecureIM?
SecureIM doesn't provide any kind of authentication at all! You really have
no idea (in any kind of secure way) to whom you're speaking, or if there is
a "man in the middle" reading all of your messages.
 How is this different from SILC?
SILC uses a completely separate network of servers and underlying network
protocol. In some environments, such as firewalled or corporate setups,
where a local proprietary IM protocol may be in use, SILC may not be
available. Further, in its normal mode of operation, all SILC messages are
shared with the SILC servers; if you want to send messages that can only be
read by the person with whom you're communicating, you need to either (1)
arrange a pre-shared secret in advance (which hampers perfect forward
secrecy), or (2) be able to do a direct peer-to-peer connection to the
other person's client, in order to do a key agreement (which may not be
possible in a NAT or firewall situation).

 Is your question not here? Ask on the otr-users mailing list!
 Nikita Borisov, Ian Goldberg
R. A. Hettinga <mailto: rah at>
The Internet Bearer Underwriting Corporation <>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list