[OTR-announce] OTR 1.0.2 is online
Ian Goldberg
ian at cypherpunks.ca
Tue Dec 21 14:48:44 EST 2004
I've put 1.0.2 online. Changes:
* If a Man-in-the-Middle steals both Alice's and Bob's DSA private keys,
he can perform a birthday attack to try to get his session id with
each end to match. Since the session id was only 64 bits long, his
work was only 2^32, which is not enough. We now make the session id
the whole SHA-1 hash, instead of truncating it, to protect against
even this unlikely scenario.
* Made otr_sesskeys output the calculated public key as well, for added
ease of forging messages when you don't know any plaintext.
deb's and rpm's are there, too.
http://www.cypherpunks.ca/otr/
- Ian
More information about the OTR-announce
mailing list