[OTR-dev] Symmetric key retrieval

Ian Goldberg ian at cypherpunks.ca
Thu Jul 3 16:38:31 EDT 2008


On Thu, Jul 03, 2008 at 03:08:43PM -0400, Paul Wouters wrote:
> On Wed, 2 Jul 2008, Ian Goldberg wrote:
> 
> >For Paul :-)
> 
> >I've checked in support for applications asking libotr for a
> >forward-secret symmetric key.
> 
> Excellent! This is a step towards using session keys to protect file 
> transfers and video/audio conferencing!
> 
> >[OTRL_EXTRAKEY_BYTES is currently 32, so you get 256 bits out of it.]
> >
> >Paul, is that what you were looking for?
> 
> Yes, though I am not sure if 256 bits is strong enough for a session key.
> Is that the strength within our OTR session anyway? When used for 3DES,
> AES or Blowfish symmetric crypto?

OTR uses AES-128.  I made 256 bits available so you can get two 128-bit
keys out of it (say, one for encrypting in each direction, or one for
encrypting and one for a MAC).  The 256 bits are basically a SHA-256
hash of the current Diffie-Hellman g^{xy} value (in order to preserve
forward secrecy).

   - Ian
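
Added example (not part of the original message and not libotr code): a Python sketch of the derivation described above, hashing the current Diffie-Hellman g^{xy} with SHA-256 and splitting the 256-bit result into two 128-bit keys, here one for encryption and one for a MAC. The toy group, the big-endian encoding of g^{xy}, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Toy group for illustration only (assumption): P is the Mersenne prime 2**127 - 1.
# It is far too small for real use and is not the group OTR uses.
P = 2**127 - 1
G = 3
EXTRAKEY_BYTES = 32  # the value quoted for OTRL_EXTRAKEY_BYTES in the message


def dh_keypair():
    """Return (private exponent, public value) for one side."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)


def extra_key(own_priv, peer_pub):
    """SHA-256 over the shared g^{xy}, serialized big-endian (assumed encoding)."""
    shared = pow(peer_pub, own_priv, P)
    raw = shared.to_bytes((P.bit_length() + 7) // 8, "big")
    return hashlib.sha256(raw).digest()


def split_key(key):
    """Split the 256-bit value into two 128-bit keys (encryption, MAC)."""
    if len(key) != EXTRAKEY_BYTES:
        raise ValueError("expected a 32-byte key")
    return key[:16], key[16:]


def run_session():
    """One DH exchange; each side derives the key from its own view."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    return extra_key(a_priv, b_pub), extra_key(b_priv, a_pub)


def tag_chunk(mac_key, chunk):
    """Authenticate a file-transfer chunk with the MAC half of the key."""
    return hmac.new(mac_key, chunk, hashlib.sha256).digest()


if __name__ == "__main__":
    k1, k1_peer = run_session()
    enc_key, mac_key = split_key(k1)
    print("sides agree:", hmac.compare_digest(k1, k1_peer))
    print("tag:", tag_chunk(mac_key, b"constructed file chunk").hex())
    print("rekeyed differs:", run_session()[0] != k1)
```

Because the key is derived only from the current g^{xy}, a fresh exchange with new exponents yields an unrelated key, which is what ties it to the session's forward secrecy.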


