[OTR-users] Stronger crypto?
Michael Reichenbach
michael_reichenbach at freenet.de
Sat May 10 09:27:45 EDT 2008
Jonathan Schleifer wrote:
> Hi!
>
> I looked at the specification of the OTR protocol and have a few
> suggestions.
>
> First: Why not move from AES128-CTR to AES256-CBC? It only needs a few
> cycles more, but provides stronger crypto. Shouldn't be a problem, even
> on slower machines.
>
> Second: Why not increase the public/private key to 4096 bit? DSA2 can
> handle that. And since that key isn't generated every 5 minutes,
> performance on slow machines shouldn't be an issue here either.
>
> I haven't read the whole specification, only had a quick look at it, so
> feel free to correct me if I've missed something.
>
> I'd welcome it if there'd be a new OTR version providing stronger cryto.
>
I can second this and would like to see strongest cryptography. Instant
of AES128 or AES256 a cascade with AES256-Twofish-Serpent could be used.
More information about the OTR-users
mailing list