Tuesday May 31st 2016

Protecting your IMs from prying eyes with OTR


A leading security researcher and co-creator of the Off-the-Record Messaging (OTR) protocol discusses why you should use OTR to make sure your instant messages remain private. This is especially important given the NSA’s recent wiretapping activities and the increasing prominence of Big Brother.

Off-the-Record Messaging, commonly referred to as OTR, is a cryptographic protocol that provides strong encryption for instant messaging conversations. OTR uses a combination of the AES symmetric-key algorithm, the Diffie-Hellman key exchange, and the SHA-1 hash function. In addition to authentication and encryption, OTR provides perfect forward secrecy and deniable encryption. This is not to be confused with the “off the record” setting in Google Talk, which merely disables logging.

The redeeming thing about OTR is that there is pretty much no configuration after it’s installed. You don’t have to worry about managing keys, trust databases, or any of that crap. You just click the button and it encrypts. When you “authenticate” someone, you don’t have to memorize their public key. Instead, you type in a shared secret (any string) and if the other party types in the same string, their public key is marked as trusted. Of course, it uses an algorithm that doesn’t reveal the secret to the other party. Pure genius. Great article and video.

Link to article

Link to OTR 
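The algorithm behind the shared-secret authentication described above is the Socialist Millionaires' Protocol. The sketch below is an added example, not code from the article or from the OTR project: it shows the core exchange and why hashing both key fingerprints into the secret makes the check fail when someone has swapped keys in the middle. Assumptions: a toy group (`2**521 - 1`, generator 3) instead of OTR's 1536-bit group, the zero-knowledge proofs left out, constructed fingerprints and session id, and hypothetical function names.

```python
import hashlib
import secrets

# Assumption: toy group for brevity. OTR itself uses a 1536-bit Diffie-Hellman group.
P = 2**521 - 1  # a Mersenne prime
G1 = 3

def smp_secret(initiator_fp, responder_fp, session_id, typed):
    """Bind the typed string to both key fingerprints and the session."""
    data = b"\x01" + initiator_fp + responder_fp + session_id + typed.encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def rand_exp():
    return secrets.randbelow(P - 3) + 2

def div(a, b):
    return a * pow(b, -1, P) % P

def smp_run(x, y):
    """Alice holds x, Bob holds y. Returns (alice_accepts, bob_accepts).
    The zero-knowledge proofs of the full protocol are omitted."""
    # Message 1, Alice -> Bob: two fresh Diffie-Hellman shares
    a2, a3 = rand_exp(), rand_exp()
    g2a, g3a = pow(G1, a2, P), pow(G1, a3, P)
    # Message 2, Bob -> Alice: his shares plus his secret blinded by r
    b2, b3, r = rand_exp(), rand_exp(), rand_exp()
    g2b, g3b = pow(G1, b2, P), pow(G1, b3, P)
    g2, g3 = pow(g2a, b2, P), pow(g3a, b3, P)
    pb, qb = pow(g3, r, P), pow(G1, r, P) * pow(g2, y, P) % P
    # Message 3, Alice -> Bob: her secret blinded by s, plus Ra
    s = rand_exp()
    g2, g3 = pow(g2b, a2, P), pow(g3b, a3, P)  # same values Bob derived
    pa, qa = pow(g3, s, P), pow(G1, s, P) * pow(g2, x, P) % P
    ra = pow(div(qa, qb), a3, P)
    # Message 4, Bob -> Alice: Rb. Both sides now test Rab == Pa/Pb.
    rb = pow(div(qa, qb), b3, P)
    bob_ok = pow(ra, b3, P) == div(pa, pb)
    alice_ok = pow(rb, a3, P) == div(pa, pb)
    return alice_ok, bob_ok

# Constructed 20-byte fingerprints and session id (not real keys).
ALICE, BOB, MALLORY = (hashlib.sha1(n).digest() for n in (b"alice", b"bob", b"mallory"))
SID = b"constructed-session-id"

def authenticate(alice_view, bob_view, alice_typed, bob_typed):
    """Each view is the (initiator, responder) fingerprint pair that side sees."""
    x = smp_secret(*alice_view, SID, alice_typed)
    y = smp_secret(*bob_view, SID, bob_typed)
    return smp_run(x, y)
```

Only blinded group elements cross the wire, so a failed run tells the other side that the secrets differ and nothing more about what was typed.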

