[OTR-dev] Fwd: Some DH groups found weak; is OTR vulnerable?
Ian Goldberg
ian at cypherpunks.ca
Fri May 22 09:40:53 EDT 2015

On Thu, May 21, 2015 at 08:39:43PM +0300, Shnatsel . wrote:
> Dear OTR developers,
>
> I'm following up on the recent findings in Diffie-Hellman key exchange
> published at https://weakdh.org/
>
> In a nutshell, a state agency kind of adversary can probably break a few
> common Diffie-Hellman groups and passively decrypt a significant part of
> encrypted communications over multiple protocols.

That is indeed believed to be true for <= 1024-bit keys. (It is
demonstrably true for 512-bit, even for random single people; 768-bit
keys are likely doable for researchers or companies with big compute
farms.)

> As far as I understand OTR uses Diffie-Hellman key exchange in the
> protocol. I'd like to know if OTR is vulnerable to this attack.
>
> Thanks in advance,
> --
> Sergey "Shnatsel" Davidoff

No, there is no reason to believe that the 1536-bit DH group used by OTR
is vulnerable.

- Ian