[OTR-dev] Fwd: Some DH groups found weak; is OTR vulnerable?

Shnatsel . shnatsel at gmail.com
Mon Jun 1 16:43:00 EDT 2015

> But how do you know those arguments aren't cherry-picked ?

We don't. We don't know they're good, all we know is they're
relatively better than NIST curves, both based on publicly available
research and on their developers having better rationale for their
parameters than NIST as well as potentially less of an incentive to
backdoor them.

If crypto primitive backdoors are real a problem, BADA55 curves with
verifiably random parameters might be worth considering:

More information about the OTR-dev mailing list