Off-the-Record Messaging

News

9 Mar 2016

Security update: libotr version 4.1.1

Versions 4.1.0 and earlier of libotr in 64-bit builds contain an integer overflow security flaw. This flaw could potentially be exploited by a remote attacker to cause a heap buffer overflow and subsequently for arbitrary code to be executed on the user's machine.

CVE-2016-2851 has been assigned to this issue.

Please upgrade to libotr version 4.1.1 immediately.

Users of libotr packages in Linux and *BSD distributions should see updated packages shortly.

This security release includes the following updates:

  • Fix an integer overflow bug that can cause a heap buffer overflow (and from there remote code execution) on 64-bit platforms
  • Fix possible free() of an uninitialized pointer
  • Be stricter about parsing v3 fragments
  • Add a testsuite ("make check" to run it), but only on Linux for now, since it uses Linux-specific features such as epoll
  • Fix a memory leak when reading a malformed instance tag file
  • Protocol documentation clarifications

pidgin-otr version 4.0.2 released

This point release includes the following updates:

  • Fix use-after-free issue during SMP
  • Updated Spanish, German, Norwegian Bokmål translations
  • New Danish translation
  • The Windows binary has been linked with updated versions of libotr, libgcrypt, libgpg-error, and other supporting libraries

21 Oct 2014

pidgin-otr 4.0.1 released
This point-release includes the following updates:
  • Fix max message size for Novell Groupwise
  • New Czech, Finnish, Brazilian Portuguese, Norwegian Bokmål translations. Updated French, Chinese translations.
  • The Windows binary has been linked with updated versions of libotr, libgcrypt, and libgpg-error.

libotr 4.1.0 released
This minor-version update includes the following changes:
  • Modernized autoconf build system
  • Use constant-time comparisons where needed
  • Use gcrypt secure memory allocation
  • Correctly reject attempts to fragment a message into too many pieces
  • Fix a missing opdata when sending message fragments
  • Don't lose the first user message when REQUIRE_ENCRYPTION is set
  • Fix some memory leaks
  • Correctly check for children contexts' state when forgetting a context
  • API Changes:
    • Added API functions otrl_context_find_recent_instance and otrl_context_find_recent_secure_instance.

10 Oct 2014

git repos and bugtracker now on otr.im
We now link to the new git repositories and the bugtracker on the community development site, otr.im.

28 Sept 2013

Now running on a new server
We've migrated the OTR website to a new and faster server. (Updated 3 Oct 2013): The URL is now https://otr.cypherpunks.ca/, as we have enabled TLS.

24 July 2013

Now experimenting with Bitcoin for donations
If you'd like to donate to the OTR project using Bitcoin, bitcoin:14Tyk13ELKcRaJe1CfZE8f58QcBHfeV1tQ?label=OTR is ready to receive your support.

9 Sept 2012

pidgin-otr 4.0.0-1 for Windows released

Daniel Atallah noted that Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) were not enabled in the Windows release of pidgin-otr 4.0.0-0. We have corrected the oversight, and 4.0.0-1 is now available.

DEP and ASLR offer additional protection to programs in the event that they already have a security flaw that allows an attacker to take control of a program. They aim to limit the attacker to crashing your program, rather than being able to do anything more nefarious. We of course hope there is no such existing flaw in pidgin-otr, but better safe than sorry. :-)

4 Sept 2012

pidgin-otr 4.0.0 and libotr 4.0.0 released

The long-awaited 4.0.0 versions of pidgin-otr and libotr are finally here!

The main new features in 4.0.0:
  • Support v3 of the OTR protocol
  • The plugin now supports multiple OTR conversations with the same buddy who is logged in at multiple locations. In this case, a new OTR menu will appear, which allows you to select which session an outgoing message is intended for. Note that concurrent SMP authentications with the same buddy who is logged in multiple times are not yet supported (starting a second authentication will end the first).
  • During a private conversation with a buddy, an incoming unencrypted message will now trigger the regular incoming message notifications. In Pidgin this includes showing the message in the top-right notification area, if it is normally configured to do so.
  • When a private conversation begins, the plugin will indicate whether Pidgin is configured to log the conversation.
  • By default, OTR conversations will not be logged by Pidgin.
  • New translations.
  • libotr API changes:
    • instance tags, to support multiple simultaneous logins
    • support for asynchronous private key generation
    • the ability to provide an "extra" symmetric key to applications (with forward secrecy)
    • applications can supply a format conversion callback if they do not natively use XHTML-style UTF8 markup
    • error messages formerly provided by libotr are now handled using callbacks to the application, for better i18n support
    • otrl_message_sending now handles message fragmentation internally

14 August 2012

libotr version 3.2.1 released

Versions 3.2.0 and earlier of libotr contain a small heap write overrun (thanks to Justin Ferguson for the report), and a large heap read overrun (thanks to Ben Hawkes for the report).

Windows pidgin-otr users should upgrade to pidgin-otr version 3.2.1-2 immediately, which has been linked to the corrected libotr 3.2.1.

Users of libotr packages in Linux and *BSD distributions should see updated packages shortly.

16 May 2012

Security update: pidgin-otr version 3.2.1

Versions 3.2.0 and earlier of the pidgin-otr plugin contain a format string security flaw. This flaw could potentially be exploited by a remote attacker to cause arbitrary code to be executed on the user's machine.

The flaw is in pidgin-otr, not in libotr. Other applications that use libotr are not affected.

CVE-2012-2369 has been assigned to this issue.

Please upgrade to pidgin-otr version 3.2.1 immediately.

Users of pidgin-otr packages in Linux and *BSD distributions should see updated packages shortly.

3 Oct 2009

java-otr 0.1.0 (finally!) released
This is for developers of Java applications that want to add support for OTR. End users do not require this package. Download it here.

15 Jun 2008

pidgin-otr-3.2.0 and libotr-3.2.0 released. Changes from 3.1.0:
  • The functionality of the OTR button has now moved to a menu. There's an "OTR" menu, as well as an icon showing the current OTR state of each active conversation in the window.
  • New OTR icons from <cyrus_xiii@yahoo.com>
  • OTR icons show up inline in the conversation window when the OTR status changes.
  • Buddy authentication has been revamped, based on the user study published in SOUPS 2008. The default is now to choose a question and an answer only you and the buddy should know. The question is displayed to the buddy, who is prompted for the answer. The "shared secret" and "fingerprint" authentication methods are still available.
  • Translations for Arabic, German, Russian, Hungarian

1 Aug 2007

pidgin-otr-3.1.0 and libotr-3.1.0 released. Changes from 3.0.0:
  • Translations for English, Dutch, Spanish, French, Slovak
  • Added option to not log OTR conversations
  • Large messages are now fragmented transparently instead of failing
  • Removed "view secure session id" and "verify fingerprint" options from OTR button menu. Added "authenticate buddy" option in its place. This new option allows you to authenticate your buddies by entering some secret that only the two of you know, rather than by using a long user-unfriendly sequence of hex characters. [The old "verify fingerprint" dialog is still available via an "Advanced..." button from the new "authenticate buddy" dialog.]

8 Jun 2007

Version 0.5.2.0 of the third-party OTR plugin for the Miranda IM client is out.

7 Jun 2007

The 0.5.4 release of the mICQ command-line ICQ client now supports OTR!

6 May 2007

We now have an installer for the Pidgin 2.0.0 plugin.

11 Feb 2007

We now have an installer for the plugin for gaim 2 beta 6.

20 Nov 2006

We now have an installer for the plugin for gaim 2 beta 5.

27 Oct 2006

Thanks to Ekrem Erdem for the redesign of the OTR site!

5 Nov 2005

otrproxy-0.3.1 released. Changes from 0.3.0:
  • Support for OTR protocol version 2; will still interoperate with version 1 clients (though with a warning to the user).
  • Handle non-ASCII charsets properly.

5 Nov 2005

gaim-otr-3.0.0 and libotr-3.0.0 released. Changes from 2.0.2:
  • Support for OTR protocol version 2; will still interoperate with version 1 clients (though with a warning to the user).
  • The OTR button now has a right-click context menu with some useful options.
  • The OTR button now has icons in addition to text to indicate what state a conversation is in.
  • Most popups have been changed to inline messages in the conversation window.

5 Nov 2005

The identity-binding flaw pointed out earlier has been fixed in version 2 of the OTR Protocol.

24 Jul 2005

Flaw in OTR protocol discovered: Well, this is the benefit of open protocols and open source. :-)

Researchers from the Università di Catania (Italy) and IBM have looked at the OTR protocol, and pointed out a flaw, but there's a simple workaround for now.

15 Jul 2005

Notice to Tiger iChat users:
OS X version 10.4.2 seems to fix bug #4120243, so iChat can once again be used with otrproxy (via the HTTP proxy).

16 Jun 2005

Paul has created Fedora Core 4 rpms of libotr and gaim-otr, for

16 May 2005

Notice to Tiger iChat users:
It has come to our attention (mid-May 2005) that the Tiger version of iChat continues to have the bug that existed in Panther (#3930228) which prevents it from connecting to a localhost SOCKS or HTTPS proxy. In addition, there is a new bug in Tiger (#4120243) which prevents iChat from using an HTTP proxy at all. As a result, the Tiger version of iChat is completely unable to use a localhost proxy, and so will no longer work with otrproxy. This is very unfortunate, and the only workaround at the moment is to stick to Panther, or to use a different IM client. If you choose the latter, note that Adium X now supports OTR natively; there is no need to use otrproxy with it.

4 May 2005

We have checked yesterday's releases into CVS at SourceForge. We'll use that as our master repository from now on. Feel free to start using the bug / patch / feature request trackers there, too.

3 May 2005

otrproxy-0.3.0 released
Changes from 0.2.0:
  • Worked around a bug in Trillian that sometimes prevented it from connecting to the AIM/ICQ network through otrproxy.
  • New per-buddy configuration available by double-clicking a buddy's name in the main OTR window.
  • Popups on Win32 now actually show up in front of other windows.

3 May 2005

gaim-otr-2.0.2 and libotr-2.0.2 released
Changes from 2.0.1:
  • Fix to co-exist more nicely with other encrypting gaim plugins.
  • gaim-otr is now autoconfiscated, thanks to Greg Troxel.

3 May 2005

Adium X 0.80 is out
Adium X 0.80 is out, with native support for OTR!

3 May 2005

OTR is now in Debian unstable
Enjoy the magic of apt-get!

24 Feb 2005

otrproxy-0.2.0 released
Changes from 0.1.x:
  • There's now a GUI! See the README for more details.

23 Feb 2005

gaim-otr 2.0.1 released
Changes from 2.0.0:
  • Removed people without fingerprints from the Known Fingerprints list.
  • The column heads in the Known Fingerprints list cause sorting to happen in the expected way.

22 Feb 2005

Nikita made a 0.1.2 version of otrproxy for OSX
Changes from 0.1.1:
  • AIM screen names should be compared case- and space-insensitively.

16 Feb 2005

Version 2.0.1 of libotr released
Changes from 2.0.0:
  • Don't send encrypted messages to a buddy who has disconnected his private connection with us.
  • Don't show the user the "the last message was resent" notice if the message has never actually been sent before.
  • Fix a crash bug that happened when messages were retransmitted under certain circumstances.

8 Feb 2005

Version 2.0.0 of libotr released
Changes from 1.0.4:
  • Machine-readable records can now be attached to Data Messages inside the private channel.
  • New OtrlUserState datatype encapsulates private keys and known fingerprints, instead of having a single global list.
  • Added libotr.m4 for helping to autoconfiscate packages that use libotr.
  • Resend the last message if it caused a re-keying.
  • New OtrlPolicy datatype allows you to specify a per-connection OTR policy: never use OTR, OTR only if manually requested, automatically start OTR if possible, refuse to not use OTR.

8 Feb 2005

Version 2.0.0 of gaim-otr released
Changes from 1.0.3:
  • Clicking the OTR button produces a notice in the conversation window that it's doing something.
  • Added default and per-buddy policy selection: never use OTR, OTR only if manually requested, automatically start OTR if possible, refuse to not use OTR.
  • The OTR: button disappears if a particular buddy is set to never use OTR.
  • Resend the last message if it caused a re-keying.
  • OTR control messages are no longer displayed as if they were received as IM messages.
  • New multi-page UI
  • Send a control message to your buddy if you terminate a private conversation with him.
  • Updated gaim-otr to match libotr 2.0.0 API.
  • Separated gtk-specific code from general gaim code, with help from Evan Schoenberg.

2 Feb 2005

Version 1.99.0 of libotr and gaim-otr released
This is a preview release for 2.0.0.

22 Jan 2005

Version 1.0.4 of libotr released
Changes:
  • Initial autoconfiscation, thanks to Greg Troxel.
  • Log, but otherwise ignore, unrecognized OTR messages.

19 Jan 2005

Version 0.1.1 of otrproxy released
Changes:
  • The memory bug that caused crashes with the HTTP proxy has (hopefully) been found and fixed.
  • Added an OSX package

18 Jan 2005

Version 1.0.3 of libotr released
Changes:
  • The library has been separated from gaim-otr, so that other programs can use it without having to install gaim-otr.
  • We may as well try to use the "tag" method of checking for OTR, even when we don't already know a fingerprint for the correspondent.
  • Refactored the logic parts of gaim-otr into libotr, so they can be shared by other libotr-enabled apps.

18 Jan 2005

Version 1.0.3 of gaim-otr released
Changes:
  • The library has been separated from gaim-otr, so that other programs can use it without having to install gaim-otr.
  • Generate private keys automatically, if needed. Show a Please Wait dialog while this is happening.

18 Jan 2005

Version 0.1.0 of otrproxy released
This is the first release.

21 Dec 2004

Version 1.0.2 released
Changes:
  • If a Man-in-the-Middle steals both Alice's and Bob's DSA private keys, he can perform a birthday attack to try to get his session id with each end to match. Since the session id was only 64 bits long, his work was only 2^32, which is not enough. We now make the session id the whole SHA-1 hash, instead of truncating it, to protect against even this unlikely scenario.
  • Made otr_sesskeys output the calculated public key as well, for added ease of forging messages when you don't know any plaintext.

18 Dec 2004

OTR was accepted to the CodeCon 2005
Off-the-Record Messaging was accepted to the CodeCon 2005 conference.

16 Dec 2004

Mentioned on Slashdot.