[OTR-users] DH moduli & AES keysize
Jason Cohen
jcohen07 at brandeis.edu
Tue Mar 29 18:37:38 EST 2005
On Tue, Mar 29, 2005 at 07:34:38AM -0500, Ian Goldberg wrote:
>> The hard part is of course not in using a different value of p. 1536
>> bits was chosen so as to reduce message latency and size overhead, while
>
>
^^^^^^^^^^^^^^^^^
>> providing sufficient security.
>
>
You're focusing on the latency, and forgetting about the size. Using a
4096-bit key instead of 1536-bit will remove 320 bytes from the
available message size, which is already pretty small for some IM
protocols (around 500 bytes or so for ICQ, I think). You could add
fragmentation to the OTR protocol, at the cost of even more overhead.
You really think 1536-bit discrete logs will be calculable any time
soon?
I'll just say again that this change isn't on my personal priority list.
But hey, it's open-source, right? ;-)
- Ian
I didn't realize the size limitations were that restrictive. Any idea
what the AIM size limit is? I figured you had at least a 1000 bytes to
use. Oh, and I don't think 1536 discrete logs will be broken in the near
future, but if 2048 bit keys provide reasonable security until 2030 with
minimal performance and size impact (64 bytes), why not?
More information about the OTR-users
mailing list