[OTR-users] Stronger crypto?

Gregory Maxwell gmaxwell at gmail.com
Sat May 10 12:38:30 EDT 2008


On Sat, May 10, 2008 at 9:27 AM, Michael Reichenbach
<michael_reichenbach at freenet.de> wrote:
>> First: Why not move from AES128-CTR to AES256-CBC? It only needs a few
>> cycles more, but provides stronger crypto. Shouldn't be a problem, even
>> on slower machines.
[snip]
> I can second this and would like to see the strongest cryptography. Instead of
> AES128 or AES256 a cascade with AES256-Twofish-Serpent could be used.

The need to have a counter-mode cipher stems from the desire to
preserve blind modification, one of OTR's features.  OTR intentionally
releases the authentication keys after a message is received; with
these keys in hand you can blindly modify a message ... For example if
you think it's very likely that someone wrote "I'd like to meet John"
you can flip the bits to make it say "I'd like to kill John", even
without the encryption keys.  This property requires a counter mode
cipher.

Because the system, properly, has an IV which is unique per key, a
counter mode cipher should be equally secure unless AES is broken. ...
but if AES is broken we have bigger problems than the difference
between CTR and CBC mode.

> Second: Why not increase the public/private key to 4096 bit? DSA2 can
> handle that. And since that key isn't generated every 5 minutes,
> performance on slow machines shouldn't be an issue here either.

First off... as you seem to be aware, it's only used for initial
authentication. ... cracking your private key would only allow someone
to impersonate you in the future, and not read your past messages.
It's not a very interesting attack for an attacker, and if it were the
attacker would probably be better off breaking into your home or office
for this one.

Secondly, longer RSA keys *are* slower and more memory hungry.  Not
every device someone would want to run OTR on is a PC... think PDAs
and other wireless devices.  There are probably better ways to use
CPU to improve security.

I could propose some things which would increase security ... but the
biggest improvements for security will come from increasing the number
of people that use OTR and number of ways they can use OTR...
Supporting more platforms, supporting multi-user chat.  Getting rid of
the AIM multiple computers signed on at once OTR-fights.. etc..
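The bit-flipping Gregory describes above (changing "meet" to "kill" with no encryption key, then re-authenticating the result with the MAC key OTR later publishes), as an added example that is not part of the original post or of libotr. It uses only the Python standard library: the counter-mode keystream is built from SHA-256 over key||iv||counter as a stand-in for AES-CTR (the malleability depends only on the keystream being XORed onto the plaintext, not on the block function), the MAC is HMAC-SHA1 as in OTR data messages but over a simplified iv||ciphertext layout rather than the real wire format, and the key, IV, message and the attacker's guessed offset 12 are constructed values for the demo.

```python
"""CTR-mode 'blind modification' demo (constructed example, not OTR's code).

Assumptions: SHA-256 keystream stands in for AES-CTR; HMAC-SHA1 over
iv || ciphertext stands in for OTR's real data-message MAC; all keys,
IVs and messages below are constructed test values.
"""
import hashlib
import hmac

# Constructed demo values. A real system uses a fresh IV per key; here one
# message is sent, so a fixed IV is fine for illustration.
ENC_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
IV = bytes.fromhex("0000000000000001")
# OTR derives the MAC key by hashing the encryption key (simplified here).
MAC_KEY = hashlib.sha1(ENC_KEY).digest()


def keystream(enc_key: bytes, iv: bytes, length: int) -> bytes:
    """Counter-mode keystream: block i = H(key || iv || i), truncated.
    Stand-in for AES-CTR; any block cipher in CTR mode produces a keystream
    that is simply XORed onto the plaintext, which is all the attack needs."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(enc_key + iv + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ctr_encrypt(enc_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    return xor(plaintext, keystream(enc_key, iv, len(plaintext)))


# In CTR mode decryption is the same operation as encryption.
ctr_decrypt = ctr_encrypt


def mac(mac_key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    return hmac.new(mac_key, iv + ciphertext, hashlib.sha1).digest()


def verify(mac_key: bytes, iv: bytes, ciphertext: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac(mac_key, iv, ciphertext), tag)


def forge(ciphertext: bytes, offset: int, guessed: bytes, desired: bytes) -> bytes:
    """Turn the plaintext bytes at `offset` from `guessed` into `desired`
    WITHOUT the encryption key: since C = P xor K, then
    C xor (guessed xor desired) decrypts to P with `guessed` replaced
    by `desired` (if the guess was right) and to garbage there otherwise."""
    if len(guessed) != len(desired):
        raise ValueError("substitution must preserve length")
    delta = xor(guessed, desired)
    end = offset + len(delta)
    return ciphertext[:offset] + xor(ciphertext[offset:end], delta) + ciphertext[end:]


def demo(guess: bytes = b"meet"):
    """Sender encrypts; attacker (who has the ciphertext, the IV and, after OTR
    publishes it, MAC_KEY, but never ENC_KEY) rewrites it and re-MACs it.
    Returns (plaintext the recipient decrypts, whether the MAC check passed)."""
    original = b"I'd like to meet John"
    ct = ctr_encrypt(ENC_KEY, IV, original)

    # Attacker side: offset 12 is where the attacker guesses the verb sits.
    forged_ct = forge(ct, 12, guess, b"kill")
    forged_tag = mac(MAC_KEY, IV, forged_ct)  # MAC key released, so this is valid

    # Recipient side: the MAC verifies and the message now reads differently.
    accepted = verify(MAC_KEY, IV, forged_ct, forged_tag)
    recovered = ctr_decrypt(ENC_KEY, IV, forged_ct)
    return recovered, accepted


if __name__ == "__main__":
    print(demo())          # right guess: forged text, MAC accepted
    print(demo(b"need"))   # wrong guess: garbled verb, MAC still accepted
```

Two things to notice when running it: the forgery never touches ENC_KEY, and a wrong guess about the original wording still yields a ciphertext that passes the MAC check, only the substituted bytes come out garbled. That is exactly why CTR (or any stream construction) suits the deniability goal: in CBC mode the same XOR on a ciphertext block would scramble that whole block on decryption and only flip the corresponding bits in the following block, so a clean word-for-word substitution like the one above is not available.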


