[OTR-users] LogJam attack and it's affect on OTR?
countrygeek at Safe-mail.net
countrygeek at Safe-mail.net
Tue Jun 2 09:15:56 EDT 2015
Hello,
According to Wikipedia, OTR uses the Diffie–Hellman key exchange with 1536 bits group size, and the SHA-1 hash function.
Recently it was discovered that weak primes generated under 1024 can be attacked more easily than originally thought, known as the LogJam attack:
https://weakdh.org/
I was wondering what affect this may have on OTR. In particular it may be useful to increase the DH bits to at least 2048, and a SHA256 hash function.
For longer-term security against cracking: AES256, DH-4096, and SHA512 may be even better.
Nevertheless, I would be interested to see what the OTR developers think about this attack and what improvements can be made to the OTR standard.
Thanks.
More information about the OTR-users
mailing list