Hush-hush chats with Off The Record (OTR) messaging

GSoC Student: George (Geekius Caesar) Politis - Greece
Mentors: Ulrich Norbisrath (Estonia), Werner Dittmann (Germany)

Project Requirements

First term:

  1. Select a Java library that handles encryption
  2. Create a transformation operation set
  3. Implement support for the transformation set in all protocols
  4. Implement an OTR encryption bundle prototype/proof of concept that encrypts all conversations

Second term:

  1. Make the OTR plugin register an encryption button in the tool and menu bars of the chat window
  2. The above-mentioned button should indicate the status of the current chat (locked or not)
  3. The above-mentioned button should also contain (at least) the following options:
    1. Start an encrypted chat
    2. End encrypted chat
    3. Authenticate/Verify contact
    4. Auto encrypt every session with this contact
    5. Help / What is this (open a browser to the OTR home page)
  4. Implement support for clients that do not have OTR (send explanatory messages with a link, as Pidgin and Adium do)
  5. Add support for incoming fragmented messages
  6. Configuration interface that allows generating and displaying our own key as well as managing other people’s keys
  7. JUnit tests that run with every protocol

Optional

  1. Add support for fragmentation of outgoing messages (both encrypted and not)

Project Description:

Today instant messaging is very often implemented in clear text. Anybody with access to one of the networks between you and your correspondent may be able to read your messages. Furthermore, it is often impossible for you to know that messages you receive have not been tampered with or that the person you are writing to is who they pretend to be. Off The Record (OTR) messaging provides encryption, authentication, deniability, and strong forward secrecy. It is already implemented in many popular instant messengers, such as Kopete, Pidgin, Adium, mICQ, Miranda, and Trillian. OTR uses the AES symmetric-key algorithm, the Diffie-Hellman key exchange, and the SHA-1 hash function.

The project will include a research phase during which you would have to determine whether you’ll be using an existing Java implementation of OTR or, alternatively, porting libotr to Java. You would also have to design and implement a GUI extension that would allow you to configure the OTR module in SIP Communicator.

References:

Home page for OTR as well as the libotr and pidgin-otr implementations
http://www.cypherpunks.ca/otr/

Nikita Borisov, Ian Goldberg, Eric Brewer (2004-10-28). “Off-the-Record Communication, or, Why Not To Use PGP”. Workshop on Privacy in the Electronic Society. Retrieved on 2006-08-29.
http://www.cypherpunks.ca/otr/otr-wpes.pdf

More info on OTR
http://en.wikipedia.org/wiki/Off-the-Record_Messaging

The Pidgin home page
http://www.pidgin.im

OTR for Kopete
http://kopete-otr.follefuder.org/

A fresh SourceForge project for an OTR Java implementation
http://sourceforge.net/projects/jotr/

The JOTR blog
http://blog.blathersource.org/blog/archives/69-What-is-Daniel-doing-now.html

Other Jitsi GSoC Projects
http://gsoc.jitsi.org

Jitsi Developer Documentation
http://www.jitsi.org/index.php/Documentation/DeveloperDocumentation

The official Jitsi website
http://www.jitsi.org