[OTR-users] DH moduli & AES keysize
Ian Goldberg
ian at cypherpunks.ca
Tue Mar 29 18:29:22 EST 2005
On Tue, Mar 29, 2005 at 07:34:38AM -0500, Ian Goldberg wrote:
> The hard part is of course not in using a different value of p. 1536
> bits was chosen so as to reduce message latency and size overhead, while
^^^^^^^^^^^^^^^^^
> providing sufficient security.
You're focusing on the latency, and forgetting about the size. Using a
4096-bit key instead of 1536-bit will remove 320 bytes from the
available message size, which is already pretty small for some IM
protocols (around 500 bytes or so for ICQ, I think). You could add
fragmentation to the OTR protocol, at the cost of even more overhead.
You really think 1536-bit discrete logs will be calculable any time
soon?
I'll just say again that this change isn't on my personal priority list.
But hey, it's open-source, right? ;-)
- Ian
More information about the OTR-users
mailing list