[OTR-users] OTR-encryption not safe - DSA 1024bit is too short

Ian Goldberg ian at cypherpunks.ca
Wed Dec 12 11:06:14 EST 2012

On Wed, Dec 12, 2012 at 02:48:51PM +0100, . wrote:
> Off-The-Record (OTR) encryption uses DSA 1024bit (DSA goes up to only
> 1024bit, equals ~1320bit RSA) and is not secure for the next 10years or
> so, or do you want your messages to be readable/encryptable within your
> lifetime?

DSA isn't used for encryption at all, but only for authentication.  If
an OTR conversation uses DSA-1024 today, and DSA-1024 is broken next
year, today's conversation remains secure.  The authentication crypto
only has to be secure *at the time of the conversation*.

The encryption used by OTR is DH-1536 and AES-128, both of which are
believed to be fine for a while.

   - Ian

More information about the OTR-users mailing list