[OTR-dev] Fwd: Some DH groups found weak; is OTR vulnerable?
Paul Wouters
paul at cypherpunks.ca
Mon Jun 1 16:32:03 EDT 2015
On Tue, 26 May 2015, Taylor R Campbell wrote:
> The curve shape and every parameter in Curve25519 are fully justified
> in in the paper <http://cr.yp.to/ecdh/curve25519-20060209.pdf> to
> provide the maximum performance for a prescribed security level, or to
> be the smallest values for an arbitrary choice satisfying all security
> criteria.
But how do you know those arguments aren't cherry-picked ?
It's like saying, "I picked red because it is provably the most prominent
warning colour in nature, and the fastest" while hiding a "I have a back
door for red" in my pocket.
Paul
More information about the OTR-dev
mailing list