On Thu, May 21, 2015 at 08:39:43PM +0300, Shnatsel . wrote:
> Dear OTR developers,
>
> I'm following up on the recent findings in Diffie-Hellman key exchange
> published at https://weakdh.org/
>
> In a nutshell, a state agency kind of adversary can probably break a few
> common Diffie-Hellman groups and passively decrypt a significant part of
> encrypted communications over multiple protocols.

That is indeed believed to be true for <= 1024-bit keys. (It is
demonstrably true for 512-bit, even for random single people; 768-bit
keys are likely doable for researchers or companies with big compute
farms.)

> As far as I understand OTR uses Diffie-Hellman key exchange in the
> protocol. I'd like to know if OTR is vulnerable to this attack.
>
> Thanks in advance,
> --
> Sergey "Shnatsel" Davidoff

No, there is no reason to believe that the 1536-bit DH group used by OTR
is vulnerable.

   - Ian