[Ach] OTR crypto

Hanno Böck hanno at hboeck.de
Thu Jun 12 15:04:01 CEST 2014

On Thu, 12 Jun 2014 11:49:16 +0200
Adi Kriegisch <adi at kriegisch.at> wrote:

> I just had a short look at OTR and noticed that OTR is using DSA keys;
> trying to find more details I found this:
> https://www.mail-archive.com/otr-dev@lists.cypherpunks.ca/msg00977.html
> "the current long term keys in OTR are using old DSA standard
>  NIST 800-57 with 1024 bit prime and with SHA-1 as hash function."
> Is there anyone who may comment on the security of OTR? we have OTR
> featured in src/practical_settings/im.tex

They use forward secrecy with a larger DH group size afaik. That makes
the short DSA key less of an issue, although it's still not nice.

However, I think there are some more fundamental problems with OTR -
the main being that it is an online-only protocol (which is due to the
fact that they use forward secrecy which is nontrivial to make

Most clients fall back to not encrypting at all if the chat partner is
offline. IMHO a usability nightmare.

The whole area of encrypted messaging is kind of a mess. Textsecure
looks quite nice in that regard and uses something called the
Axolotl-Protocol to combine forward secrecy and offline messages.
However, it's currently Android-only.

Hanno Böck

mail/jabber: hanno at hboeck.de