Instant messaging,

Off-the-Record

OTR!

OTR, which stands for Off-the-Record messaging is a cryptographic protocol that provides strong encryption for instant messaging conversations. Originally designed by, among others, Ian Goldberg.

Get to know the OTR protocol »

Bugtracker

Help us improve OTR software by filing bugs, triaging bugs or submit patches to solve issues.

Contribute to the bugtracker »

Reaching developers

Many of the OTR enthusiasts and developers idle on the #OTR channel on the OFTC IRC network. Feel free to join, lurk or discuss..

IRC webchat »

Dev Mailinglist

If you are interested in contributing to OTR development or have questions regarding using OTR libraries in your software you should reach out to the OTR-dev mailinglist.

Development mailinglist »

User mailinglist

OTR has numerous users from all kinds of backgrounds, next to it being used by several hundred-thousands throughout the the world. Signup to the user mailinglist to help us improve documentation.

User mailinglist »

Chat

OTR.im offers a free and secure Jabber service that anyone can use by registering an account through your favorite chat client.

Chat »

OTR's features

Encryption - No one else can read your instant messages over a network.

Authentication - You are assured the correspondent is who you think it is.

Deniability - The messages you send do not have digital signatures that are verifiable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he or she sees are authentic and unmodified.

Forward Secrecy - If you lose control of your private keys, no previous conversation is compromised.

What's the difference between PGP and OTR?

OTR - Off the Record

OTR is designed for instant messaging. It initiates a key-exchange between two peers when they are both online. Forward secrecy ensures that, if one of the peers loses control of the long-lived cryptographic keys, no previous conversations can be compromised.

OTR encrypted messages don't contain digital signatures. After a conversation is over, anyone could forge messages which appear to originate from one of the participants of the conversation. Which means that you can't prove the authenticity of the message. However, there is no precedence in any real-life court case with this scenario.

OTR implements among others the authentication through the socialist millionaire protocol. This means that, peers can verify each others' identity through the use of a shared secret avoiding a man-in-the-middle attack. Furthermore, users get around the inconvenience of manually comparing each others fingerprints through e.g, an outbound channel over the internet.
One can also verify the identity of a peer through comparing fingerprints.

PGP - Pretty Good Privacy

PGP, which stands for "Pretty Good Privacy" was designed for encrypting, decrypting and signing e-mail and data like, texts, files, whole disk partitions.

By using PGP for e-mail to exchange messages, at least two or more peers each have an keypair. Now, if you want to verify the key, you can't make use of a protocol as like with OTR. It can only be done by verifying the fingerprint of the peer you want to communicate with, preferrably over a secure channel.

It also comes with digital signatures which are used for message authentication and integrity checking. The latter is only used to see whether the message has been tampered with and if the sender was the real sender. With PGP you can't deny to ever have received the message like you can with OTR.