[OTR-users] DH moduli & AES keysize

Jason Cohen jcohen07 at brandeis.edu
Tue Mar 29 17:37:00 EST 2005 

People who live in nations with oppressive dictatorships will not
protect themselves by using encryption. The very fact that they are
encrypting data I'm sure would be considered a crime. They also would
likely not have access to their own personal machines which would allow
them to install & setup OTR. We have some semblence of privacy because
the United States as well as Westsern Europe generally does not make it
a crime encrypt data.

Secondly, no one would be forced to use larger DH moduli. The default
could remain at 1536, with the option for the user of increasing the
size. As I said, the speed difference between 1536 and 2048 is probably
quite minimal on most systems (even a 450 mhz system) and a PDA wouldn't
be rekeying every message anyways. The WPES paper recommends rekeying
every minute.

 OTR could read from a default list of moduli with sizes say between
1536 and 4096 bits (so the moduli don't have to be sent over the
network). The OTR user initiating the private conversation would just
specify the key size he desires, and perhaps a minimum keysize he'll
accept to prevent rollback attacks. If a user specifies a moduli size
larger than 2048 a warning message could inform him that his might cause
slowdowns as gnupg already does. If the user doesn't mind or thinks the
slowdown will be minimal, and his buddy's have fairly fast computers he
can choose a larger bit size. If he doesn't have a preference or thinks
1536 bits is sufficient, he can keep the default size which I imagine
most people will do.


Jason

Joel Mawhorter wrote:

>y On Tue, 29 Mar 2005 16:09:56 -0500
>Jason Cohen <jcohen07 at brandeis.edu> wrote:
>
>  
>
>>The WPES 2004 paper states that under the current protocol a person can
>>send and receive up to 18 messages per second (36 messages total) on a
>>450 mhz Pentium IIII. Thus, it would seem that even on a slow machine
>>2048 bit DH moduli wouldn't add a great deal of latency. 450 mhz
>>machines are also on the low end of what is generally used for desktops.
>>Most PCs are 2-3 years old and 450 mhz processors are at least 4-5 if I
>>remember correctly.
>>    
>>
>
>Don't forget that many of the people who are in situations where the need for OTR is most important do not have access to the latest (or maybe even 4-5 year old) hardware. I'm sure people with fast desktop machines make up the majority of current OTR users but how many of them use OTR because they fear torture and death from oppressive governments?
>
>As well, if OTR will ever be used for instant messaging on portable devices, making OTR require a lot more computational power is probably not a good idea.
>
>Joel
>
>  
>
>>Does anyone happen to have performance tests for 2048 or 3072 bit DH
>>moduli. Could I test this myself?
>>
>>Jason
>>
>>    
>>
>_______________________________________________
>OTR-users mailing list
>OTR-users at lists.cypherpunks.ca
>http://lists.cypherpunks.ca/mailman/listinfo/otr-users
>  
>

More information about the OTR-users mailing list