[OTR-dev] Fwd: Some DH groups found weak; is OTR vulnerable?
Taylor R Campbell
campbell+otr at mumble.net
Mon Jun 1 16:50:05 EDT 2015
Date: Mon, 1 Jun 2015 16:32:03 -0400 (EDT)
From: Paul Wouters <paul at cypherpunks.ca>
On Tue, 26 May 2015, Taylor R Campbell wrote:
> The curve shape and every parameter in Curve25519 are fully justified
> in in the paper <http://cr.yp.to/ecdh/curve25519-20060209.pdf> to
> provide the maximum performance for a prescribed security level, or to
> be the smallest values for an arbitrary choice satisfying all security
> criteria.
But how do you know those arguments aren't cherry-picked ?
It's like saying, "I picked red because it is provably the most prominent
warning colour in nature, and the fastest" while hiding a "I have a back
door for red" in my pocket.
Find any other relevant security criteria for a DH function built on
elliptic-curve crypto, and then we can discuss that.
More information about the OTR-dev
mailing list