[OTR-dev] IFF meeting notes - OTRv4
jvoisin
julien.voisin at dustri.org
Thu Mar 17 17:54:25 EDT 2016
> Just to slightly hedge against elliptic curves being weaker than we
> think, or even to quantum computers with hundreds but not thousands
> of qubits, the whole OTRv4 protocol (which itself uses ECC such as
> curve25519 or maybe one of the 400-ish-bit ones) is wrapped in a
> 2048-bit mod p Diffie-Hellman. The outer layer is not explicitly
> authenticated.
Isn't 2048-bit mod p Diffie-Hellman a bit short for a modern protocol?
At least, this is what the BSI is saying: https://www.keylength.com/en/8/
(also, thanks for the notes!)
More information about the OTR-dev
mailing list