IMOTP: One Time Pad Cryptosystem for Instant Messaging

Civil liberty through simple mathematics



The remainder of this page contains information on older one-time pad tools from 2006-2004. This version is no longer maintained.

IMOTP implements one-time-pad encryption, intended to be used with instant messaging systems commonly used on the Internet. With OTP, you can meet someone in person, exchange a (random pad) file on a and communicate securely with them until the pad runs out. Since IMs are low-bandwidth messages, the time-shifted secure channel can last for a relatively long time until the pad needs to be exchanged again. Currently IMOTP works with xchat2 and AOL IM.
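The pad-consumption rule described above, as an added Python example (not code from IMOTP or otproxy): each pad byte is used once, and the sender refuses to encrypt when the pad runs out rather than wrapping around. The PadSender class, the offset passed alongside each ciphertext, and the 32-byte pad are assumptions made for illustration and do not reflect IMOTP's wire format.

```python
import secrets


class PadExhausted(Exception):
    """Raised when a message needs more pad bytes than remain unused."""


class PadSender:
    """Sending side: consumes pad bytes strictly once, front to back."""

    def __init__(self, pad: bytes):
        self.pad = pad
        self.offset = 0  # index of the first pad byte that has never been used

    def remaining(self) -> int:
        return len(self.pad) - self.offset

    def encrypt(self, plaintext: bytes) -> tuple[int, bytes]:
        if len(plaintext) > self.remaining():
            # Refuse instead of wrapping around: reused pad bytes break OTP.
            raise PadExhausted(f"need {len(plaintext)}, have {self.remaining()}")
        start = self.offset
        key = self.pad[start:start + len(plaintext)]
        self.offset += len(plaintext)  # advance so these bytes are never reused
        return start, bytes(p ^ k for p, k in zip(plaintext, key))


def decrypt(pad: bytes, start: int, ciphertext: bytes) -> bytes:
    """Receiving side: XOR with the same pad slice the sender consumed."""
    key = pad[start:start + len(ciphertext)]
    if len(key) != len(ciphertext):
        raise PadExhausted("ciphertext refers to bytes beyond the pad")
    return bytes(c ^ k for c, k in zip(ciphertext, key))


def demo() -> dict:
    pad = secrets.token_bytes(32)  # constructed pad; a real pad is far larger
    sender = PadSender(pad)
    messages = [b"meet at noon", b"bring the new pad", b"this will not fit"]
    delivered, exhausted_on = [], None
    for msg in messages:
        try:
            start, ct = sender.encrypt(msg)
        except PadExhausted:
            exhausted_on = msg  # time to meet again and exchange a new pad
            break
        assert len(ct) == len(msg)  # raw OTP adds no length overhead
        delivered.append(decrypt(pad, start, ct))
    return {"delivered": delivered, "exhausted_on": exhausted_on,
            "unused": sender.remaining()}
```

Calling demo() delivers the first two messages and stops at the third, which needs more pad than is left.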

News

20060207 - EFF: AT&T forwards all Internet traffic into NSA. Be careful out there...

20050712 - otproxy 0.2 released. This is a newer proxy based on PyBoticide (an excellent AIM spam filter program) and written in Python. Recommended over the other versions of IMOTP here.

20050311 - "You waive any right to privacy." -- AOL Terms of Service for AIM (source 1, original source). All the more reason to use crypto.

20040824 - IMOTP 1.2 released!

Obtaining IMOTP

Download here.

If you want to use IMOTP with AIM, get the otproxy release. This should work on all platforms that support Python and wxWindows. There is also a "Win32 Only" release which uses an older version of IMOTP not written in Python. xchat users or developers will want the full release. If you don't have an RNG or don't want to bother generating a one-time pad, get the sample pad (do not use the sample pad for anything but testing; generate your own). See below for the differences between otpaim and otpRaim.

IMOTP How-To

  1. Pad generation
  2. Pad exchange
  3. Client configuration
    1. IMOTP/Python (otproxy) - recommended
    2. IMOTP/C (used with Windows OTPAIM and OTPRAIM)
    3. IMOTP/Perl (used with Xchat2 xotp)

Other IM Encryption Solutions

gaim-encryption - An excellent RSA encryption plugin for gaim. Unfortunately, with large key sizes (4069 bits) the lag is very noticeable. Sends nonces so that messages cannot be replayed.

- very interesting, the OTR protocol offers encryption, authentication, deniability, and perfect forward secrecy.

(Dis)advantages of Various Implementations of IMOTP

otproxy (a Python proxy with GUI, based on PyBoticide)
+ Transparent integration with AIM
+ Cross-platform; runs anywhere Python will
+ Cross-platform GUI, see above
+ Able to handle numerous IM message packets without problems
+ Auto-detects other users and enables cryptography automatically
- Requires reconfiguring AIM for proxy

OTPAIM (a Winpcap/SendMessage integration with AIM)
+ No restarting AIM required, no AIM configuration needed
+ Not deeply intertwined with AIM
- Replaces official IM window, so loses all features it has (HTML, etc.)
- Have to install Winpcap
- Requires safe-encoding as WM_CHAR can't send all characters to AIM
- Windows AIM only, requires running native code

OTPRAIM (an older proxy)
+ Transparent integration, can use official IM windows and all their features
+ No safe-encoding required
+ Therefore, size of encrypted packet == size of cleartext packet!
+ Can send HTML easily, for links to encapsulate ciphertext
+ Possibly platform-independent, except for the GUI (unless use wx)
 (TODO: endian-independence so can run on PPC architectures)
- All AIM messages go through the proxy, deeply integrated
- Requires running native code

(javaotp) (a Java applet, not yet)
+ No running native code required, simply go to a web page 
+ Platform-independent
- Not integrated at all with other IM clients
