Off-the-record messaging: Difference between revisions
imported>Sandy Harris No edit summary |
imported>Sandy Harris No edit summary |
||
Line 1: | Line 1: | ||
{{subpages}} | {{subpages}} | ||
'''Off-the-record messaging''' or '''OTR''' is a system for providing [[cryptography|encryption]] for [[Instant messaging]] (Internet chat) applications such as [[MSN]] and [[QQ]]. | '''Off-the-record messaging''' or '''OTR''' is a system for providing [[cryptography|encryption]] for [[Instant messaging]] (Internet chat) applications such as [[MSN]] and [[QQ]]. | ||
OTR includes a mechanism for [[information security#source authentication|source authentication]] and [[information security#integrity|data integrity protection]]; during a conversation, both players are assured that the other party is who they think it is and that the messages are received unaltered. However, it does not use [[digital signature]]s verifiable by a third party. After a conversation, anyone can forge messages after a conversation to make them look like they came from you, but no-one can prove a recorded message was actually sent by you. The system also provides [[perfect forward secrecy]]; if you lose control of your private keys, no previous conversation is compromised. | |||
It is an [[open source]] application, distributed both as a library for developers and as a pre-built plugin for the multi-protocol instant messaging client [[Pidgin chat client|Pidgin]]. There is a [http://www.cypherpunks.ca/otr/ web site] with downloads and extensive documentation. | It is an [[open source]] application, distributed both as a library for developers and as a pre-built plugin for the multi-protocol instant messaging client [[Pidgin chat client|Pidgin]]. There is a [http://www.cypherpunks.ca/otr/ web site] with downloads and extensive documentation. |
Revision as of 11:48, 3 March 2010
Off-the-record messaging or OTR is a system for providing encryption for Instant messaging (Internet chat) applications such as MSN and QQ.
OTR includes a mechanism for source authentication and data integrity protection; during a conversation, both players are assured that the other party is who they think it is and that the messages are received unaltered. However, it does not use digital signatures verifiable by a third party. After a conversation, anyone can forge messages after a conversation to make them look like they came from you, but no-one can prove a recorded message was actually sent by you. The system also provides perfect forward secrecy; if you lose control of your private keys, no previous conversation is compromised.
It is an open source application, distributed both as a library for developers and as a pre-built plugin for the multi-protocol instant messaging client Pidgin. There is a web site with downloads and extensive documentation.