[OTR-dev] Evidence of intelligence agency decryption of OTR chats

Fedor Brunner fedor.brunner at azet.sk
Mon Dec 29 03:49:15 EST 2014


On 29.12.2014 00:40, Gregory Maxwell wrote:
> http://www.spiegel.de/media/media-35552.pdf
> 
> From http://www.spiegel.de/international/world/nsa-documents-attacks-on-vpn-ssl-tls-ssh-tor-a-1010525.html
> 
> The fact that they appear to have decrypted some but not all messages
> in a log suggests to me that this is not a host compromise, or an
> MITM. But potentially an attack on 1024 bit DH or AES-CTR?
> _______________________________________________
> OTR-dev mailing list
> OTR-dev at lists.cypherpunks.ca
> http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
> 
> 


On the IETF TLS mailing list there was a guess about batch NFS, which
can be used to attack 1024-bit DH.

https://www.ietf.org/mail-archive/web/tls/current/msg14927.html

More details about Batch NFS
http://cr.yp.to/factorization/batchnfs-20141109.pdf
https://en.wikipedia.org/wiki/Number_field_sieve


Also, the libotr AES implementation uses S-boxes, so it can be attacked
using cache-timing attacks on AES.
http://cr.yp.to/antiforgery/cachetiming-20050414.pdf

AES-CTR should be implemented using bitsliced AES.
http://cr.yp.to/aes-speed/aesspeed-20080926.pdf
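To make the table-lookup point above concrete, here is an added example (not code from this message or from libotr): an AES S-box evaluated from GF(2^8) arithmetic with a fixed operation schedule and no table lookups, so the memory access pattern does not depend on the byte being substituted. Python itself is not constant-time, so this shows the structure of a table-free S-box, not a deployable implementation.

```python
# Added example, not libotr code: AES S-box without table lookups.
# Each function runs a fixed number of steps and uses masks instead of
# data-dependent branches or indexed memory reads.

AES_POLY = 0x1B  # x^8 + x^4 + x^3 + x + 1, reduced to its low byte

def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8): always 8 rounds, masks instead of branches."""
    r = 0
    for _ in range(8):
        r ^= a & -(b & 1)                    # add a when low bit of b is set
        hi = -((a >> 7) & 1)                 # all-ones if a will overflow
        a = ((a << 1) & 0xFF) ^ (AES_POLY & hi)
        b >>= 1
    return r

def gf_inv(a: int) -> int:
    """a^254 == a^-1 in GF(2^8) (0 -> 0); fixed square-and-multiply over 254."""
    r, p = 1, a
    for i in range(8):
        bit = (254 >> i) & 1
        m = gf_mul(r, p)
        r = (m & -bit) | (r & (bit - 1))     # branch-free select
        p = gf_mul(p, p)
    return r

def affine(b: int) -> int:
    """AES affine transform: b ^ rotl(b,1) ^ ... ^ rotl(b,4) ^ 0x63."""
    x = b
    for i in range(1, 5):
        x ^= ((b << i) | (b >> (8 - i))) & 0xFF
    return x ^ 0x63

def sbox_ct(x: int) -> int:
    """SubBytes of one byte with no table lookup."""
    return affine(gf_inv(x))

def sbox_table() -> list:
    """Full S-box derived from sbox_ct, for comparison with a table-based one."""
    return [sbox_ct(x) for x in range(256)]

def self_check() -> bool:
    """Every nonzero byte has an inverse and the S-box is a permutation."""
    inv_ok = all(gf_mul(x, gf_inv(x)) == 1 for x in range(1, 256))
    return inv_ok and len(set(sbox_table())) == 256

if __name__ == "__main__":
    print(self_check(), hex(sbox_ct(0x53)))   # True 0xed
```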
