[OTR-users] OTR mentioned in Snowden documents?
Mike Minor
mike at firstworldproblems.com
Wed Sep 11 10:47:00 EDT 2013
On Sep 6, 2013, at 10:02 AM, Nathan of Guardian <nathan at guardianproject.info> wrote:
> On 09/06/2013 12:40 PM, Mike Minor wrote:
>> I thought I might poke some discussion as to where the weaknesses might be in an OTR implementation where you are using the currently known best practices (verifying fingerprints, etc)
> Excellent point, and true that if there were mass MITM on OTR sessions,
> those of us who do verify would notice.
>
> One fear I have had has been around OTR4J (which we use in Gibberbot,
> and others like Jitsi do as well) and our dependency on BouncyCastle
> libraries, and Java, as well for that.
>
> With the recent weakness found in the Android PRNG, I fear there may be
> other "oops" bugs, either intentional or not, somewhere in that stack.
>
> +n
The constant "c49d360886e704936a6678e1139d26b7819f7e90" appears to be a malicious non-random seed for the prime256v1 curve that is found in BouncyCastle. Are you relying on it in your code?
More information about the OTR-users
mailing list