[OTR-users] DH moduli & AES keysize
Jason Cohen
jcohen07 at brandeis.edu
Mon Mar 28 23:27:35 EST 2005
Wouldn't it be quite simple to use new DH moduli? ssh-keygen actually provides a utility to create & test moduli. I created 4096-bit DH moduli (and tested all 280,000 of them in 19 hours) and replaced /etc/ssh/moduli with the new larger values. Provided OTR read moduli from a file, it should be quite simple for users to generate moduli of any size. I would think it would also be equally simple to increase the AES keysize used to 192 or 256.
Jason
Quoting:
> I don't think there's any point to using RSA encryption where DH is used
> now, but different DH groups may be possible. But yes, it's
> hypothetical at this time.
>
> There *is* a plausible reason to use RSA signatures instead of DSA in
> the initial key exchange, but that's also hypothetical.
>
> - Ian