[OTR-users] DH moduli & AES keysize

Jason Cohen jcohen07 at brandeis.edu
Mon Mar 28 23:27:35 EST 2005


Wouldn't it be quite simple to use new DH moduli? ssh-keygen actually provides a utility to create & test moduli. I created 4096-bit DH moduli (and tested all 280,000 of them in 19 hours) and replaced /etc/ssh/moduli with the new larger values. Provided OTR read moduli from a file, it should be quite simple for users to generate moduli of any size. I would think it would also be equally simple to increase the AES keysize used to 192 or 256.

Jason

Quoting: 

I don't think there's any point to using RSA encryption where DH is used
now, but different DH groups may be possible.  But yes, it's
hypothetical at this time.

There *is* a plausible reason to use RSA signatures instead of DSA in
the initial key exchange, but that's also hypothetical.

   - Ian
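
Added example, not part of the original post: a Python check that a replacement moduli file, such as the /etc/ssh/moduli swap described above, contains only screened groups of the intended size. Field meanings follow moduli(5); the function names, the 4096-bit default and the sample lines are constructed for illustration (the sample moduli are not primes).

```python
SAFE_PRIME = 2            # moduli(5) "type": safe prime, (p-1)/2 is also prime
TEST_MILLER_RABIN = 0x04  # moduli(5) "tests" bit: probabilistic primality test


def audit_moduli(text, min_bits=4096):
    """Return (line_number, measured_bits, verdict) for every data line."""
    results = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        if len(fields) != 7:
            results.append((lineno, 0, "expected 7 fields"))
            continue
        _time, typ, tests, _tries, size, _gen, modulus = fields
        try:
            typ, tests, size = int(typ), int(tests), int(size)
            # Measure the modulus itself instead of trusting the size column.
            bits = int(modulus, 16).bit_length()
        except ValueError:
            results.append((lineno, 0, "non-numeric field"))
            continue
        if typ != SAFE_PRIME:
            verdict = "not marked as a safe prime"
        elif not tests & TEST_MILLER_RABIN:
            verdict = "not screened for primality"
        elif bits < min_bits:
            verdict = f"{bits}-bit modulus below {min_bits}"
        elif size not in (bits, bits - 1):  # generated files commonly record bits - 1
            verdict = f"size column {size} disagrees with modulus"
        else:
            verdict = "ok"
        results.append((lineno, bits, verdict))
    return results


def constructed_sample():
    """Constructed input for illustration; these moduli are NOT real primes."""
    def entry(bits, tests=6):
        modulus = format((1 << (bits - 1)) | 1, "X")
        return f"20050101000000 2 {tests} 100 {bits - 1} 2 {modulus}"
    return "\n".join(["# Time Type Tests Tries Size Generator Modulus",
                      entry(4096), entry(2048), entry(4096, tests=2),
                      "20050101000000 2 6 100 4095"])


if __name__ == "__main__":
    for lineno, bits, verdict in audit_moduli(constructed_sample()):
        print(f"line {lineno}: {bits} bits, {verdict}")
```

The check does not re-test primality, which remains the job of the ssh-keygen screening step; it only confirms that the file's entries claim to be screened and are as large as intended.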