[OTR-users] DH moduli & AES keysize
Ian Goldberg
ian at cypherpunks.ca
Tue Mar 29 07:34:38 EST 2005
On Mon, Mar 28, 2005 at 11:27:35PM -0500, Jason Cohen wrote:
> Wouldn't it be quite simple to use new DH moduli? ssh-keygen actually
> provides a utility to create & test moduli. I created 4096 bit DH
> moduli (and tested all 280,000 of them in 19 hours) and replaced
> /etc/ssh/moduli with the new larger values. Provided OTR read moduli
> from a file, it should be quite simple for users to generate moduli of
> any size. I would think it would also be equally simple to increase
> the AES keysize used to 192 or 256.
The hard part is of course not in using a different value of p. 1536
bits was chosen so as to reduce message latency and size overhead, while
providing sufficient security. Remember that you and your buddy have to
use the same value of p, so if there's more than one available, you need
an extra step to negotiate it, and this also opens you up to "rollback"
attacks.
If we're going to allow larger DH moduli, we'll almost certainly just
specify the ones in RFC 3526, rather than making users generate their
own, anyway.
- Ian
More information about the OTR-users
mailing list