[OTR-users] OTR-encryption not safe - DSA 1024bit is too short
dcMhOYBdpZkH at web.de
Thu Dec 13 03:42:21 EST 2012
On 12/13/2012 01:01 AM, Garonda Rodian wrote:
> May I note that at least one reference from a major government agency
> (U.S. NIST SP 800-131A,
> csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf )
> states that for DH to be "Acceptable" as of Jan 1, 2011, the |p| must
> be >= 2048 bits, with a |q| of >= 224 bits. 1024 bits <= |p| < 2048
> bits and 160 bits <= |q| < 224 bits is listed as "Deprecated" through
> Dec 31, 2013.
> If we plan on moving to Elliptical Curve prior to 2014, then I don't
> have a major issue with 1536 bit DH, but if that's not fairly certain,
> I too would urge a shift to at least a 2048 bit |p| and at least a 224
> bit |q| value on the DH side.
> Alternately, would it be practical to devote a bit to "security
> level", so that can be negotiated also, for those cases where larger
> keys are a major issue - that will also put the framework in place for
> future elliptical curve algorithms.
Thanks for this information. So one year is left to either switch to
2048-bit or, if it's not hard to implement, to ECC.
And what are a few years' difference on the big scale? I'd say v4.1,
released in a few months, should use 2048-bit and case closed :) Then you
have enough time to look at ECC :)