Martin: Off the Record Messaging: A Tutorial
Posted Jul 31, 2012 14:00 UTC (Tue) by erwbgy
In reply to: Martin: Off the Record Messaging: A Tutorial
Parent article: Martin: Off the Record Messaging: A Tutorial
In brief, SRP is a protocol for authenticating a client using a username and password (or equivalent) and negotiating a session key for integrity and/or confidentiality protection of the subsequent session. So, it is like SSL but uses passwords instead of public-key certificates and doesn't require a trusted third party.
OTR is similar in that it also uses a shared secret and has perfect forward secrecy. It is different in that there is the concept of deniable authentication, where it is not possible for outsiders to tell the difference between real and fake messages, and it can use the socialist millionaire protocol for authentication, as mentioned above. So OTR is designed for a different use case.