OTR chat encryption project is taking Bitcoin donations!

[gmaxwell]

 http://www.cypherpunks.ca/otr/donate.php

OTR is one of the best pieces of encryption technology available today.

It does all the right stuff from a security perspective but more importantly it does things in a way which is deeply thoughtful about the user factors.  While it's fairly difficult to use GPG/PGP and thus really hard to get people to use them: OTR works pretty transparently and in doing so turns otherwise treacherous commercial chat networks into ones that are a little less able to betray their users.

OTR opportunistically encrypts whenever it can (my minor contribution to the protocol, years ago), and allows strong authentication when the users are willing and able. For authentication you can do the boring fingerprint comparison stuff, or it can use a challenge question based on a zero-knowledge-proof:  The math is complicated but the result is security that works for how regular people usually talk, no dorky key signing parties required. It certainly doesn't depend on any of the horrible hole ridden and difficult to use PKI CA infrastructure. If you're not up for authentication you still get crypto which kills passive snoops dead.

Unlike most prior chat encryption systems when authenticated it operates without actually cryptographically signing your messages and creating proof of what you said that a treacherous counter-party could show to others against your wishes. Non-repudiation is very good, but you should only have it when you want it and know that it's there. OTR tries to minimize surprises.

In spite of all the great things that OTR already does there is still a lot left that could be done:  Support for additional chat systems and clients, further attack hardned software, additional authentication options, multiparty chat, encrypted file / multimedia transmission, formally specifying the protocol in an internet draft, and many other things.  While there are many commercial companies out there creating snake-oil closed source crypto— stuff that inevitability turns out insecure— are now exploiting the NSA/prism stuff to make a pretty penny on the various app stores, OTR has continued trucking along delivering the real deal to everyone at no cost while advancing the art in both cryptography and cryptographic usability.

I think in general the Bitcoin community can learn a lot from how OTR uses technology to serve human interests without compromising on the security— something we should always strive for in the tools and infrastructure we build. Without secure communications our whole economy is more fragile: Bitcoin depends on information being easy to spread and hard to stifle.

I've donated: OTR is something that many of us have reason to support.

[1714024115]

1714024115

[1714024115]

1714024115

[1714024115]

1714024115

[1714024115]

1714024115

[melon]

Awesone to knpw..good thread...hp[efully it can be integrated into user friemd;y apps so people like me can use it w. low knowledge of the inner workings.

[Dabs]

I've used it.. the actual messages are encrypted! ... check your gtalk or hangouts after using it.

[marcus_of_augustus]

thnx.

[Mike Hearn]

Oh, that whitespace trick is clever. I've avoided OTR because I know someone who used it and every conversation with him started with some bizarre in-band protocol spam. But it seems like that may have changed.

What would be really useful is some kind of bitcoin Jabber server, for people who work on the project. IRC really isn't as good. Does OTR do group chats? I don't really want to use this with GTalk because, well, most of the people I do Bitcoin-related stuff aren't on my contact list, and I tend to rely on the webbased chat client built into gmail.

[gmaxwell]

Oh, that whitespace trick is clever. I've avoided OTR because I know someone who used it and every conversation with him started with some bizarre in-band protocol spam. But it seems like that may have changed.

Hm. IIRC only the very early pre-release stuff didn't have the steganographic negotiation. If he contact set his client to _force_ OTR you'll get the spam, but then he also couldn't talk if OTR doesn't come up. Maybe there are some alt implementations that spam.

The worst long term usability problem was that OTR didn't handle multiple concurrent logins well— esp on chat networks where concurrent use is half-duplex— and it would yabber back and forth trying to bring up an encrypted session only to be confused by the extra client and you'd get a bunch of spam, so perhaps that is what you saw.  This required a protocol revision to fix and it's now fixed in the latest version of the protocol.

What would be really useful is some kind of bitcoin Jabber server, for people who work on the project. IRC really isn't as good. Does OTR do group chats? I don't really want to use this with GTalk because, well, most of the people I do Bitcoin-related stuff aren't on my contact list, and I tend to rely on the webbased chat client built into gmail.

It doesn't do group chat yet, the OTR folks published a paper covering the cryptography they needed for it to achieve all the desired properties (e.g. authentication without creating non-repudiation and group key agreement that doesn't let any party pick keys to help outside observers) but it's not all implemented yet.

[GrantDe]

Yes!  I'm donating right now!

[Mike Hearn]

Alright. I grabbed Pidgin and then installed the OTR plugin. It was pleasantly easy to set up (read: no setup).

I am wondering if the "spam" that I saw is the result of the OTR plugin sending some info about itself to the other side if it fails to set up. Perhaps the other guy was pushing the "start private conversation" button even though I didn't have OTR.

As far as I can tell, anyone who has me in their G+ circles or has added my gtalk account (mh.in.england@gmail.com) should be able to use it now, as long as I'm logged in. I'll have to try setting up Adium later.

I'm not sure how I'd authenticate myself given that most people who want to talk to me don't know anything private about me. But I'll be happy with unauthenticated crypto for now.

edit: things went south when I tried to set it up on Android. There aren't any good Android IM clients that support OTR, and I found the multi-session support to be rather flaky. When two people were both logged in two clients (desktop/mobile), things just failed to setup, messages got misrouted, etc. I guess this part needs more work. Also whilst the Gibberbot guys have realised they need to improve the UI a lot and are working on that (+a new name thank god), it's still light years behind professionally designed IM apps like WhatsApp/Hangouts or Threema.

If the multi-device aspects were made more robust and a really solid Android app came along, it'd be golden.

(I donated)

[keystroke]

Oh yea I donated some coin and also... bump.

Would be awesome if OTR had a project roadmap or public TODO list. The stuff Mike mentioned is important and I don't see it anywhere. Hardened software would be good -- e.g. TAILS just removed the non-XMPP stuff from Pidgin for some reason (perhaps there's a history of more exploits in AIM/etc. libraries), and OTR forgot to enable DEP and ASLR recently. Also the latest Pidgin fails with some of the EMET exploit mitigation features under Windows (looks like it will be patched in the next version).

File transmission capabilities would definitely be useful.

[charleshoskinson]

My company is developing an open sourced communication protocol for one of our products that will be in beta this November that enjoys equivalent security to OTR and preserves anonymity in communications. GMaxwell, I'd like to thank you for also taking on this task. The more tools we have to secure and anonymize our communications, the better the world becomes.