[OTR-dev] Fwd: Some DH groups found weak; is OTR vulnerable?

Shnatsel . shnatsel at gmail.com
Thu May 21 13:39:43 EDT 2015


This message is re-sent to the list since it didn't seem to go through. I
apologize for any possible duplication.

----------

Dear OTR developers,

I'm following up on the recent findings in Diffie-Hellman key exchange
published at https://weakdh.org/

In a nutshell, a state agency kind of adversary can probably break a few
common Diffie-Hellman groups and passively decrypt a significant part of
encrypted communications over multiple protocols.

As far as I understand OTR uses Diffie-Hellman key exchange in the
protocol. I'd like to know if OTR is vulnerable to this attack.

Thanks in advance,
--
Sergey "Shnatsel" Davidoff
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cypherpunks.ca/pipermail/otr-dev/attachments/20150521/6f790f73/attachment.html>


More information about the OTR-dev mailing list