[OTR-dev] Fwd: Some DH groups found weak; is OTR vulnerable?

Paul Wouters paul at cypherpunks.ca
Mon Jun 1 16:32:03 EDT 2015

On Tue, 26 May 2015, Taylor R Campbell wrote:

> The curve shape and every parameter in Curve25519 are fully justified
> in in the paper <http://cr.yp.to/ecdh/curve25519-20060209.pdf> to
> provide the maximum performance for a prescribed security level, or to
> be the smallest values for an arbitrary choice satisfying all security
> criteria.

But how do you know those arguments aren't cherry-picked ?

It's like saying, "I picked red because it is provably the most prominent
warning colour in nature, and the fastest" while hiding a "I have a back
door for red" in my pocket.


More information about the OTR-dev mailing list