[OTR-users] OTR-encryption not safe - DSA 1024bit is too short
riptide.tempora at opinehub.com
Wed Dec 12 11:13:47 EST 2012
Are there any plans to eventually move towards an ECC-based protocol? Does
SMP even work with ECC?
On Wed, Dec 12, 2012 at 11:06 AM, Ian Goldberg <ian at cypherpunks.ca> wrote:
> On Wed, Dec 12, 2012 at 02:48:51PM +0100, . wrote:
> > Off-The-Record (OTR) encryption uses DSA 1024bit (DSA goes up to only
> > 1024bit, equals ~1320bit RSA) and is not secure for the next 10years or
> > so, or do you want your messages to be readable/encryptable within your
> > lifetime?
> DSA isn't used for encryption at all, but only for authentication. If
> an OTR conversation uses DSA-1024 today, and DSA-1024 is broken next
> year, today's conversation remains secure. The authentication crypto
> only has to be secure *at the time of the conversation*.
> The encryption used by OTR is DH-1536 and AES-128, both of which are
> believed to be fine for a while.
> - Ian
> OTR-users mailing list
> OTR-users at lists.cypherpunks.ca
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OTR-users