[OTR-dev] Fwd: Some DH groups found weak; is OTR vulnerable?
Holger Levsen
holger at layer-acht.org
Fri May 22 10:28:18 EDT 2015
Hi Ian,
On Freitag, 22. Mai 2015, Ian Goldberg wrote:
> No, there is no reason to believe that the 1536-bit DH group used by OTR
> is vulnerable.
is it really a single group for all? how about (optionally) creating a new,
client specific one, on installation? and how about using eg. 4096 bits?
if I understand correctly, in a few years 1536 bits might not give sufficient
protection anymore, if attacked liked this, and if there is a a full take of
the otr communication then the "forward secrecy" is gone :/
cheers,
Holger
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 828 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.cypherpunks.ca/pipermail/otr-dev/attachments/20150522/9de84850/attachment.pgp>
More information about the OTR-dev
mailing list