[OTR-users] OTR-encryption not safe - DSA 1024bit is too short
Ian Goldberg
ian at cypherpunks.ca
Wed Dec 12 11:06:14 EST 2012
On Wed, Dec 12, 2012 at 02:48:51PM +0100, . wrote:
> Off-The-Record (OTR) encryption uses DSA 1024bit (DSA goes up to only
> 1024bit, equals ~1320bit RSA) and is not secure for the next 10years or
> so, or do you want your messages to be readable/encryptable within your
> lifetime?
DSA isn't used for encryption at all, but only for authentication. If
an OTR conversation uses DSA-1024 today, and DSA-1024 is broken next
year, today's conversation remains secure. The authentication crypto
only has to be secure *at the time of the conversation*.
The encryption used by OTR is DH-1536 and AES-128, both of which are
believed to be fine for a while.
- Ian
More information about the OTR-users
mailing list