[OTR-users] OTR-encryption not safe - DSA 1024bit is too short

. dcMhOYBdpZkH at web.de
Wed Dec 12 13:51:38 EST 2012

On 12/12/2012 05:06 PM, Ian Goldberg wrote:
> On Wed, Dec 12, 2012 at 02:48:51PM +0100, . wrote:
>> Off-The-Record (OTR) encryption uses DSA 1024bit (DSA goes up to only
>> 1024bit, equals ~1320bit RSA) and is not secure for the next 10years or
>> so, or do you want your messages to be readable/encryptable within your
>> lifetime?
> DSA isn't used for encryption at all, but only for authentication.  If
> an OTR conversation uses DSA-1024 today, and DSA-1024 is broken next
> year, today's conversation remains secure.  The authentication crypto
> only has to be secure *at the time of the conversation*.
> The encryption used by OTR is DH-1536 and AES-128, both of which are
> believed to be fine for a while.
>    - Ian
> _______________________________________________
> OTR-users mailing list
> OTR-users at lists.cypherpunks.ca
> http://lists.cypherpunks.ca/mailman/listinfo/otr-users

DH-1536 is RSA-1536 I guess (for exchanging the AES key, and use AES
then for speed reasons). But isn't the traffic captured anyway and if
one can encrypt RSA-1536 and see the AES key, then the security is
broken. Why not use RSA-4096? Is it because of the computation time? Why
is it not possible to choose RSA-4096 in the pidgin-otr plugin?

More information about the OTR-users mailing list