[OTR-dev] [OTR-users] otr dh key encryption
Gregory Maxwell
gmaxwell at gmail.com
Tue Feb 19 18:06:52 EST 2013
On Tue, Feb 19, 2013 at 2:42 PM, Ileana <ileana at fairieunderground.info> wrote:
> #define CIPHER_IV_LEN 16
To be fair— AES 256 has certificational weaknesses with a lower work
factor then the best attacks on 128 bit AES. They don't appear to
matter in practice, but I'm not aware of a threat model where 256 bit
AES would make a material improvement, except perhaps the
attacker-has-arbitrarily-good-quantum-computers model... and under
that model all the key derivation (curve25519 and DHKE) fails
completely in any case.
More information about the OTR-dev
mailing list