[OTR-users] LogJam attack and it's affect on OTR?

countrygeek at Safe-mail.net countrygeek at Safe-mail.net
Tue Jun 2 09:15:56 EDT 2015


Hello,
According to Wikipedia, OTR uses the Diffie–Hellman key exchange with 1536 bits group size, and the SHA-1 hash function.

Recently it was discovered that weak primes generated under 1024 can be attacked more easily than originally thought, known as the LogJam attack:
https://weakdh.org/

I was wondering what affect this may have on OTR. In particular it may be useful to increase the DH bits to at least 2048, and a SHA256 hash function.

For longer-term security against cracking: AES256, DH-4096, and SHA512 may be even better.

Nevertheless, I would be interested to see what the OTR developers think about this attack and what improvements can be made to the OTR standard.

Thanks.


More information about the OTR-users mailing list