[OTR-users] OTR-encryption not safe - DSA 1024bit is too short

Riptide Tempora riptide.tempora at opinehub.com
Wed Dec 12 11:13:47 EST 2012

Are there any plans to eventually move towards an ECC-based protocol? Does
SMP even work with ECC?

On Wed, Dec 12, 2012 at 11:06 AM, Ian Goldberg <ian at cypherpunks.ca> wrote:

> On Wed, Dec 12, 2012 at 02:48:51PM +0100, . wrote:
> > Off-The-Record (OTR) encryption uses DSA 1024bit (DSA goes up to only
> > 1024bit, equals ~1320bit RSA) and is not secure for the next 10years or
> > so, or do you want your messages to be readable/encryptable within your
> > lifetime?
> DSA isn't used for encryption at all, but only for authentication.  If
> an OTR conversation uses DSA-1024 today, and DSA-1024 is broken next
> year, today's conversation remains secure.  The authentication crypto
> only has to be secure *at the time of the conversation*.
> The encryption used by OTR is DH-1536 and AES-128, both of which are
> believed to be fine for a while.
>    - Ian
> _______________________________________________
> OTR-users mailing list
> OTR-users at lists.cypherpunks.ca
> http://lists.cypherpunks.ca/mailman/listinfo/otr-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cypherpunks.ca/pipermail/otr-users/attachments/20121212/f1315003/attachment.html>

More information about the OTR-users mailing list