[OTR-users] OTR Weakness
Michael Hung
mhkhung at gmail.com
Sat Dec 10 19:31:24 EST 2005
I might be wrong but I don't think the standard dsa supports sha256. Rsa works fine of course..
Michael
-----Original Message-----
From: Ian Goldberg <ian at cypherpunks.ca>
Date: Sat, 10 Dec 2005 18:42:36
To:otr-users at lists.cypherpunks.ca
Subject: Re: [OTR-users] OTR Weakness
On Wed, Dec 07, 2005 at 07:22:50PM -0500, Anonymous wrote:
> Correct me if I'm wrong, and it is very possible that I am, but isn't
> D-H vulnerable to brute-force attacks in the same manner as RSA
> attacks? If indeed that is true, perhaps it would be wise to increase
> the bitlength of the keys that otr uses, as currently, it is
> very-nearly in reach of easily-crackable by people with
> super-computers.
I disagree that 1536-bit DH is "very nealy in reach of easily
crackable". Do you have data to back this up? [The attacks to be
concerned about aren't brute-force attacks; those clearly are out of
reach.]
> On a seperate note, DSA has been compromised in the current way that
> it is created: that is, using SHA1-160 on both ends. I recommend an
> immediate upgrade to either TIGER (recommended) or SHA2-512.
Do you have a pointer to this? Collisions in SHA1 shouldn't affect
DSA. We have in fact started migrating over to SHA-256, but some things
(like fingerprints) can't change without losing compatibility.
- Ian
_______________________________________________
OTR-users mailing list
OTR-users at lists.cypherpunks.ca
http://lists.cypherpunks.ca/mailman/listinfo/otr-users
More information about the OTR-users
mailing list