[OTR-dev] [OTR-users] otr dh key encryption

Michael Rogers michael at briarproject.org
Tue Feb 19 17:05:13 EST 2013


On 19/02/13 18:13, Ileana wrote:
>> Neither torchat nor OTR use 256 bit AES, they both use 128 bit
>> AES.
> 
> OK...this part I am pretty sure is a mistake.  Tor purports to use 
> AES-256 for all connections, including hidden services...I relooked
> at the OTR code and see that 16 bytes * 8 bits is indeed 128.

According to the spec, Tor uses 128-bit AES.

https://gitweb.torproject.org/torspec.git?a=blob_plain;hb=HEAD;f=tor-spec.txt

"For a stream cipher, we use 128-bit AES in counter mode, with an IV
of all 0 bytes."

Another potential concern is that the hostname of a hidden service is
based on the first 80 bits of the hash of the service's public key, so
a collision can be generated after an expected 2^80 attempts.

https://gitweb.torproject.org/torspec.git?a=blob_plain;hb=HEAD;f=rend-spec.txt
(see section 1.5)

Cheers,
Michael

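Added example, not part of the message above and not Tor's own code: it derives a hidden service label of the kind rend-spec section 1.5 describes (base32 of the first 80 bits of SHA-1 over the public key), then measures on short prefixes how many random candidates are needed to match a given identifier, which grows as 2^bits. The key bytes are constructed stand-ins rather than DER-encoded RSA keys, and all function names are hypothetical.

```python
import base64
import hashlib
import random

ID_BYTES = 10   # 80 bits of the hash are kept for the hostname
KEY_LEN = 140   # length of the constructed stand-in "keys" used below


def onion_label(public_key: bytes) -> str:
    """base32 of the first 80 bits of SHA-1(public key)."""
    permanent_id = hashlib.sha1(public_key).digest()[:ID_BYTES]
    return base64.b32encode(permanent_id).decode("ascii").lower()


def top_bits(public_key: bytes, bits: int) -> int:
    """Leading `bits` bits of the 80-bit identifier, as an integer."""
    ident = hashlib.sha1(public_key).digest()[:ID_BYTES]
    return int.from_bytes(ident, "big") >> (8 * ID_BYTES - bits)


def random_key(rng: random.Random) -> bytes:
    """Constructed stand-in for a key: random bytes, not a real RSA key."""
    return rng.getrandbits(8 * KEY_LEN).to_bytes(KEY_LEN, "big")


def attempts_to_match(target: bytes, bits: int, rng: random.Random) -> int:
    """Count candidates tried until one shares the target's leading bits."""
    want = top_bits(target, bits)
    attempts = 0
    while True:
        attempts += 1
        candidate = random_key(rng)
        if candidate != target and top_bits(candidate, bits) == want:
            return attempts


def mean_attempts(bits: int, trials: int = 200, seed: int = 1) -> float:
    """Average work over several trials; expected to be close to 2**bits."""
    rng = random.Random(seed)
    target = random_key(rng)
    total = sum(attempts_to_match(target, bits, rng) for _ in range(trials))
    return total / trials


if __name__ == "__main__":
    sample = b"constructed sample key bytes, not a real public key"
    print(onion_label(sample) + ".onion")
    for bits in (4, 8, 10):
        print(bits, "bits:", round(mean_attempts(bits)), "vs", 2 ** bits)
```

Each extra bit of identifier doubles the measured work, which is why the 80-bit truncation, rather than the size of the key or of the full hash, sets the cost of matching a given hostname.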
