[OTR-users] OTR Weakness

Ian Goldberg ian at cypherpunks.ca
Sat Dec 10 18:42:36 EST 2005


On Wed, Dec 07, 2005 at 07:22:50PM -0500, Anonymous wrote:
> Correct me if I'm wrong, and it is very possible that I am, but isn't
> D-H vulnerable to brute-force attacks in the same manner as RSA
> attacks?  If indeed that is true, perhaps it would be wise to increase
> the bitlength of the keys that otr uses, as currently, it is
> very-nearly in reach of easily-crackable by people with
> super-computers.  

I disagree that 1536-bit DH is "very nearly in reach of easily
crackable".  Do you have data to back this up?  [The attacks to be
concerned about aren't brute-force attacks; those clearly are out of
reach.]

> On a separate note, DSA has been compromised in the current way that
> it is created: that is, using SHA1-160 on both ends.  I recommend an
> immediate upgrade to either TIGER (recommended) or SHA2-512.  

Do you have a pointer to this?  Collisions in SHA1 shouldn't affect
DSA.  We have in fact started migrating over to SHA-256, but some things
(like fingerprints) can't change without losing compatibility.

   - Ian


