By Robert Lemos CNET News.com February 14, 2005, 5:05 PM PT
SAN FRANCISCO--When you hit the Send button on an instant message, do you really know who is on the other end?
Two researchers at the University of California at Berkeley have created an add-on to instant messaging that they claim will enable the participants to identify each other and have a secure conversation without leaving any proof that the chat occurred.
The result, dubbed off-the-record (OTR) messaging by security researchers Ian Goldberg and Nikita Borisov, is a plug-in for the Gaim instant-messaging client that enables encrypted messages sans leaving a key--a sequence of characters--that could be used to verify that the conversation happened. That attribute, known in cryptography as perfect forward security, also prevents snoopers from reading any copies of the conversation.
"If tomorrow, my computer is broken into and the encryption key is stolen, the attacker can't read future messages," said Goldberg, a graduate of Berkeley.