<div dir="ltr">On Fri, May 22, 2015 at 3:40 PM, Ian Goldberg <span dir="ltr"><<a href="mailto:ian@cypherpunks.ca" target="_blank">ian@cypherpunks.ca</a>></span> wrote:<br><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Thu, May 21, 2015 at 08:39:43PM +0300, Shnatsel . wrote:<br>
> Dear OTR developers,<br>
><br>
> I'm following up on the recent findings in Diffie-Hellman key exchange<br>
> published at <a href="https://weakdh.org/" target="_blank">https://weakdh.org/</a><br>
><br>
> In a nutshell, a state agency kind of adversary can probably break a few<br>
> common Diffie-Hellman groups and passively decrypt a significant part of<br>
> encrypted communications over multiple protocols.<br>
<br>
</span>That is indeed believed to be true for <= 1024-bit keys. (It is<br>
demonstrably true for 512-bit, even for random single people; 768-bit<br>
keys are likely doable for researchers or companies with big compute<br>
farms.)<br>
<span class=""><br>
> As far as I understand OTR uses Diffie-Hellman key exchange in the<br>
> protocol. I'd like to know if OTR is vulnerable to this attack.<br>
><br>
> Thanks in advance,<br>
> --<br>
> Sergey "Shnatsel" Davidoff<br>
<br>
</span>No, there is no reason to believe that the 1536-bit DH group used by OTR<br>
is vulnerable.<br></blockquote><div><br></div><div>I am a researcher at one of the labs that worked on Logjam, and AFAIK OTR is not vulnerable to that particular result in any way.<br><br></div><div>Nevertheless, I've harbored the strong opinion for many months now that OTR should soon move to Curve25519 for key agreement, and eschew DSA in favor of ED25519. In fact, I'd be happy to offer a hand in specifying and implementing this change to the AKE if the OTR team is on board.<br><br></div><div>Thanks to Ian, Jake and the rest of the OTR team for their attention to this issue.<br></div><div><br></div><div>Nadim<br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
- Ian<br>
_______________________________________________<br>
OTR-dev mailing list<br>
<a href="mailto:OTR-dev@lists.cypherpunks.ca">OTR-dev@lists.cypherpunks.ca</a><br>
<a href="http://lists.cypherpunks.ca/mailman/listinfo/otr-dev" target="_blank">http://lists.cypherpunks.ca/mailman/listinfo/otr-dev</a><br>
</blockquote></div><br></div></div>