Off-the-record messaging

From Citizendium, the Citizens' Compendium
Jump to: navigation, search
This article is a stub and thus not approved.
Main Article
Talk
Related Articles  [?]
Bibliography  [?]
External Links  [?]
Citable Version  [?]
 
This editable Main Article is under development and not meant to be cited; by editing it you can help to improve it towards a future approved, citable version. These unapproved articles are subject to a disclaimer.

Off-the-record messaging or OTR is a system for providing encryption for Instant messaging (Internet chat) applications such as MSN and QQ.

OTR includes a mechanism for source authentication and data integrity protection; during a conversation, both players are assured that the other party is who they think it is and that the messages are received unaltered. However, it does not use digital signatures verifiable by a third party. After a conversation, anyone can forge messages after a conversation to make them look like they came from you, but no-one can prove a recorded message was actually sent by you. The system also provides perfect forward secrecy; if you lose control of your private keys, no previous conversation is compromised.

It is an open source application, distributed both as a library for developers and as a pre-built plugin for the multi-protocol instant messaging client Pidgin. There is a web site with downloads and extensive documentation.