[OTR-dev] Fwd: Some DH groups found weak; is OTR vulnerable?

Peter Fairbrother zenadsl6186 at zen.co.uk
Fri May 29 08:57:51 EDT 2015


On 29/05/15 13:51, Peter Fairbrother wrote:
[...]
> Going slightly OT and speculative,
>
> As to the Logjam paper, congratulations.
>
> I wonder whether the "state level threat" of breaking common 1024-bit DH
> primes is the "major breakthrough" which NSA told Congress about a few
> years ago, for which they got all that lovely extra money.
>
> If so, the people who in 2013 were supporting the idea of replacing
> 2048-bit RSA with ubiquitous 1024-bit DH in order to provide FS look a
> bit silly ..
>
>
> [ the major browsers supported 1024-bit DH but 2048-bit RSA, perhaps due
> to people mistakenly thinking that DH keys needed to be half the size of
> RSA keys - though it might be interesting to see where that rumour came
> from.
>
> To quote Peter Gutmann:
>
> "It's a debate between two groups, the security practitioners, "we'd
> like a PFS solution as soon as we can, and given currently-deployed
> infrastructure DH-1024 seems to be the best bet", and the theoreticians,
> "only a theoretically perfect solution is acceptable, even if it takes
> us forever to get it"." ]
>
>
> .. as the only people who could partially break 2048-bit RSA were the
> major agencies (gimme the private keys sunshine, or go to jail), the
> same ones who could almost universally break 1024-bit DH, but without
> the hassle of warrants or anyone else knowing about it ..

By the way, this was just after Snowden, when people were running around 
like headless chickens saying "we must do something".

NSA must have been laughing all the way to the bank.

-- Peter Fairbrother
