A cryptographic protocol that provides encryption for instant messaging conversations. Uses a combination of AES symmetric-key algorithm with 128 bits key length, the Diffie–Hellman key exchange with 1536 bits group size, and the SHA-1 hash function. In addition to authentication and encryption, OTR provides forward secrecy and malleable encryption.
Questions tagged [otr]
6 questions
8
votes
3 answers
Would Axolotl Ratchet protocol be suitable for encrypting email communication?
Axolotl Ratchet is used by the Signal messenger (formerly known as TextSecure) and an enhanced version of OTR in a way to make it suitable for mobile applications, which has the probability to encrypt messages without both parties to have to be…
rubo77
- 2,350
- 10
- 26
- 48
5
votes
1 answer
How was IronChat compromised?
How was IronChat compromised?
https://hotforsecurity.bitdefender.com/blog/police-crack-encrypted-chat-service-ironchat-and-read-258000-messages-from-suspected-criminals-20530.html
Dutch police have revealed that they were able to spy on the…
Chloe
- 1,668
- 3
- 15
- 30
2
votes
1 answer
Why is it possible to verify RedPhone inline while not OTR text apps?
Using RedPhone (the right way), one would call, establish a connection and read off the text verification on screen to the other party. If they match, it's ZRTP-secure, if it doesn't it's MITM'd.
Why can we do that on RedPhone, while not, say, on…
Mars
- 1,853
- 3
- 15
- 22
1
vote
0 answers
OTR and active Man In The Middle attacks
As I'm currently playing around with cryptography, especially OTR, I'm wondering about its security against active MitM attacks.
Let's say Alice and Bob created an OTR session, but Eve is acting as a MitM, changing messages, so that she can decrypt…
marius_linux
- 119
- 1
1
vote
0 answers
Solution for well-encrypted group messaging, on Android inside Knox
I am looking to setup a secure messaging system to be used among friends.
Ideally it would be cross-platform (Android-phones using the Knox-container, laptops, Android-tablets with Knox) and support group chats as well as the transfer of pictures.…
SpindizZzy
- 31
- 2
0
votes
2 answers
Is there any advantage on using OTR in a messaging app if the messages are first sent to a REST API server over HTTPS?
I don't have any kind of experience in security, but just on API and app development, and I'm developing an application for doctors and patients which has an added private messaging feature between doctor:patient.
I also should be able to retrieve…