IMOTP: One Time Pad Cryptosystem for Instant Messaging

Civil liberty through simple mathematics

The remainder of this page contains information on older one-time pad tools from 2006-2004. This version is no longer maintained.

IMOTP implements one-time-pad encryption, intended to be used with instant messaging systems commonly used on the Internet. With OTP, you can meet someone in person, exchange a (random pad) file on a and communicate securely with them until the pad runs out. Since IM's are low-bandwidth messages, the timeshifted secure channel can last for a relatively long time until the pad needs to be exchanged again. Currently IMOTP works with xchat2 and AOL IM.


20060207 - EFF: AT&T forwards all Internet traffic into NSA. Be careful out there...

20050712 - otproxy 0.2 released. This is a newer proxy based on PyBoticide (an excellent AIM spam filter program) and written in Python. Recommended over the other versions of IMOTP here.

20050311 - "You waive any right to privacy." -- AOL Terms of Service for AIM (source 1, original source). All the more reason to use crypto.

20040824 - IMOTP 1.2 released!

Obtaining IMOTP

Download here.

If you want to use IMOTP with AIM, get the otproxy release. This should will work on all platforms that support Python and wxWindows. There is also a "Win32 Only" release which uses an older version of IMOTP not written in Python. xchat users or developers will want the full release. If you don't have an RNG or don't want to bother generating a one-time-pad, get the sample pad (do not use the sample pad for anything but testing; generate your own.) See below for the differences in otpaim and otpRaim.


  1. Pad generation
  2. Pad exchange
  3. Client configuration
    1. IMOTP/Python (otproxy) - recommended
    2. IMOTP/C (used with Windows OTPAIM and OTPRAIM)
    3. IMOTP/Perl (used with Xchat2 xotp)

Other IM Encryption Solutions

gaim-encryption - An excellent RSA encryption plugin for gaim. Unfortunately, with large key sizes (4069 bits) the lag is very noticable. Sends nonces so that messages cannot be replayed.

- very interesting, the OTR protocol offers encryption, authentication, deniability, and perfect forward secrey.

(Dis)advantages of Various Implementations of IMOTP

otproxy (a Python proxy with GUI, based on PyBoticide)
+ Transparent integration with AIM
+ Cross-platform; runs anywhere Python will
+ Cross-platform GUI, see above
+ Able to handle numerous IM message packets without problems
+ Auto-detects other users and enables cryptography automatically
- Requires reconfiguring AIM for proxy

OTPAIM (a Winpcap/SendMessage integration with AIM)
+ No restarting AIM required, no AIM configuration needed
+ Not deeply intertwined with AIM
- Replaces official IM window, so loses all features it has (HTML, etc.)
- Have to install Winpcap
- Requires safe-encoding as WM_CHAR can't send all characters to AIM
- Windows AIM only, requires running native code

OTPRAIM (an older proxy)
+ Transparent integration, can use official IM windows and all their features
+ No safe-encoding required
+ Therefore, size of encrypted packet == size of cleartext packet!
+ Can send HTML easily, for links to encapsulate ciphertext
+ Possibly platform-independent, except for the GUI (unless use wx)
 (TODO: endian-independence so can run on PPC architectures)
- All AIM messages go through the proxy, deeply integrated
- Requires running native code

(javaotp) (a Java applet, not yet)
+ No running native code required, simply go to a web page 
+ Platform-independent
- Not integrated at all with other IM clients Logo