[OTR-users] OTR-encryption not safe - DSA 1024bit is too short

Garonda Rodian deepside at hotmail.com
Wed Dec 12 19:01:42 EST 2012

May I note that at least one reference from a major government agency (U.S. NIST SP 800-131A, csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf ) states that for DH to be "Acceptable" as of Jan 1, 2011, the |p| must be >= 2048 bits, with a |q| of >= 224 bits.  1024 bits <= |p| < 2048 bits and 160 bits <= |q| < 224 bits is listed as "Deprecated" through Dec 31, 2013.

If we plan on moving to Elliptical Curve prior to 2014, then I don't have a major issue with 1536 bit DH, but if that's not fairly certain, I too would urge a shift to at least a 2048 bit |p| and at least a 224 bit |q| value on the DH side.

Alternately, would it be practical to devote a bit to "security level", so that can be negotiated also, for those cases where larger keys is a major issue - that will also put the framework in place for future elliptical curve algorithms.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cypherpunks.ca/pipermail/otr-users/attachments/20121213/750b323f/attachment.html>

More information about the OTR-users mailing list