In this article, we will get technical and explain how OTR Messaging works. We do our best to give a correct description of the OTR protocol. The post contains a simple and a difficult version, choose which one you like. Please keep in mind that even the difficult version is a strong simplification, because of the advanced mathematics that a correct and complete description would require.
We all use messaging services, like SMS, WhatsApp, iMessage, Google Hangouts and Facebook Messenger at work or for private conversations. Unfortunately, popular services are highly compromised when it comes to privacy. There are much better options. In this post, we will explain the technical details of OTR Messaging in Pidgin.
The inventors of OTR really thought the concept through. It is almost completely fail-safe. The process is the same in other messengers that support OTR, but we will focus on Pidgin here. The process is called the OTR ratchet. Your Pidgin client does all the steps automatically, so do not worry about too many details. Programmers around the world have checked the open-source code and verified that it works like this, even if you cannot see it. We can therefore trust Pidgin and OTR.
On other websites and in textbooks, you will find similar descriptions, but they use Alice and Bob and do not call the chat participants sender and recipient directly. Alice and Bob are the placeholder names used to describe communication security, just like we use the names Mallory (for malicious attacker) or Trudy (for intruder).
The inventors of OTR really thought the concept through. It is almost completely fail-safe. We will now cover the technical details. You do not have to understand them at all to use Pidgin, because you do not actually see the process happening. The procedure is the same in other messengers that support OTR, but we will focus on Pidgin here. Feel free to skip this technical explanation if you want to. Only read it if you are fascinated by the technology behind cryptography, like we are.
In the following, the first step is only done once at the start of the chat session. The steps 2 and 3 are repeated for every message. It all happens instantly and you do not need to worry about the details that run in the background. We tried to formulate it in simple terms, but in reality it is even more complicated than what we will describe here:
s
. That is a key value calculated using the Diffie-Hellman key exchange protocol.s
is updated and can be recalculated with the most recent key you get from the recipient.K
AES
from the first 128 bits of the SHA-hash-value of the common secret. From the AES-keys, your client program calculates an MAC-key called K
MAC
as a new hash value of the 160-bit hash of the AES-key. Next, Pidgin creates a numerator called c
and enters Counter Mode
.K
AES
and c
. The result is the encrypted message N
. Pidgin builds a package T
that contains N
and other info, like the version number of the protocol. From that package data, Pidgin calculates a Message Authentication Code called MAC
KMAC
(T)
. The code MACK
MAC
(T)
and the package T itself are then sent to the receiver.K
AES
and K
MAC
too. Following this step, he/she uses K
MAC
to calculate MAC
KMAC
(T)
as well. This value is then compared to the one received from the sender.N
, using the K
AES
and c
values that he/she got in the package T
from the sender.Did you make it to the end? 😛
We hope that we could help you understand how OTR Messaging works, but there is much more to learn. We recommend the Wikipedia articles on Symmetric-key algorithms and the Diffie–Hellman key exchange. If you speak German, you should read the German Wikipedia article on Off-the-Record Messaging, the English version is honestly not very helpful.