> -----Original Message-----
> From: Ian G [mailto:[EMAIL PROTECTED]
> Sent: Monday, October 08, 2007 6:05 AM
> To: Peter Gutmann
> Cc: [EMAIL PROTECTED]; cryptography@metzdowd.com
> Subject: Re: Trillian Secure IM
>
> Peter Gutmann wrote:
> > "Alex Pankratov" <[EMAIL PROTECTED]> writes:
> >
> >> SecureIM handshake between two version 3.1 (latest) clients takes about .. 48
> >> bytes. That's altogether, 32 bytes in one direction, and 16 in another. And
> >> that's between the clients that have never talked to each other before, so
> >> there's no "session resuming" business happening.
> >
> > Or they could be using static/ephemeral DH with fixed shared DH key values,
> > which isn't much better. (This is just speculation, it's hard to tell without
> > knowing what the exchanged quantities are).
>
> Speculation is fun.
>
> But, opportunistic cryptography is even more fun. It is
> very encouraging to see projects implement cryptography in
> limited forms. A system that uses a primitive form of
> encryption is many orders of magnitude more secure than a
> system that implements none.

Primitive form - maybe, weak form - absolutely not. It is actually worse than having no security at all, because it tends to create an _illusion_ of protection. Which is by the way exactly the case with SecureIM.

How hard is it to brute-force 128-bit DH? My "guesstimate" is it's an order of minutes or even seconds, depending on CPU resources.
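
The point about short DH moduli, as an added example that is not part of the original message and not SecureIM code: a generic discrete-log method (baby-step giant-step) run against a scaled-down 31-bit prime-field group, showing that both public values alone yield the shared secret after roughly the square root of the modulus in work. The prime, generator and private exponents are constructed for illustration; SecureIM's real parameters are not given in the thread.

```python
import math

# Constructed toy parameters (assumptions, not SecureIM's real values).
P = 2**31 - 1   # 31-bit Mersenne prime standing in for a short DH modulus
G = 7           # primitive root modulo P


def dh_public(secret: int) -> int:
    """Public value a DH party would send on the wire."""
    return pow(G, secret, P)


def bsgs_log(target: int, g: int = G, p: int = P):
    """Return x with g**x == target (mod p), or None if no such x exists.

    Baby-step giant-step: about sqrt(p) multiplications and table entries,
    so the cost is set by the modulus size, not by how random the key is.
    """
    m = math.isqrt(p - 1) + 1
    baby = {}
    cur = 1
    for j in range(m):                 # baby steps: g^j for j in [0, m)
        baby.setdefault(cur, j)
        cur = cur * g % p
    step = pow(g, -m, p)               # g^(-m) mod p (Python 3.8+)
    gamma = target % p
    for i in range(m):                 # giant steps: target * g^(-i*m)
        if gamma in baby:
            return i * m + baby[gamma]
        gamma = gamma * step % p
    return None


def recover_shared_secret(pub_a: int, pub_b: int):
    """What a passive observer of both public values can compute."""
    x = bsgs_log(pub_a)
    return None if x is None else pow(pub_b, x, P)


def generic_work_bits(modulus_bits: int) -> float:
    """log2 of the generic (square-root) attack cost for a given modulus size."""
    return modulus_bits / 2


if __name__ == "__main__":
    a, b = 1234567891, 987654321       # constructed private exponents
    A, B = dh_public(a), dh_public(b)
    print("observer's secret matches:", recover_shared_secret(A, B) == pow(B, a, P))
    print("generic cost for a 128-bit modulus: 2^%d steps" % generic_work_bits(128))
```

For a prime-field group the square-root figure is only an upper bound, since index-calculus methods are sub-exponential in the modulus size; that gap is why modulus length, not exponent secrecy, is the quantity to check in a DH handshake.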