[OTR-users] OTR Weakness

Anonymous secanon at m-net.arbornet.org
Wed Dec 7 19:22:50 EST 2005


Correct me if I'm wrong, and it is very possible that I am, but isn't D-H vulnerable to brute-force attacks in the same manner as RSA attacks?  If indeed that is true, perhaps it would be wise to increase the bitlength of the keys that otr uses, as currently, it is very-nearly in reach of easily-crackable by people with super-computers.  

On a seperate note, DSA has been compromised in the current way that it is created: that is, using SHA1-160 on both ends.  I recommend an immediate upgrade to either TIGER (recommended) or SHA2-512.  

Sincerely,
Anonymous



More information about the OTR-users mailing list