[Ach] OTR crypto

Hanno Böck hanno at hboeck.de
Thu Jun 12 15:04:01 CEST 2014


On Thu, 12 Jun 2014 11:49:16 +0200
Adi Kriegisch <adi at kriegisch.at> wrote:

> I just had a short look at OTR and noticed that OTR is using DSA keys;
> trying to find more details I found this:
> https://www.mail-archive.com/otr-dev@lists.cypherpunks.ca/msg00977.html
> "the current long term keys in OTR are using old DSA standard
>  NIST 800-57 with 1024 bit prime and with SHA-1 as hash function."
> 
> Is there anyone who may comment on the security of OTR? we have OTR
> featured in src/practical_settings/im.tex

They use forward secrecy with a larger DH group size afaik. That makes
the short DSA key less of an issue, although it's still not nice.

However, I think there are some more fundamental problems with OTR -
the main being that it is an online-only protocol (which is due to the
fact that they use forward secrecy which is nontrivial to make
offline-compatible).

Most clients fall back to not encrypting at all if the chat partner is
offline. IMHO a usability nightmare.

The whole area of encrypted messaging is kind of a mess. TextSecure
looks quite nice in that regard and uses something called the
Axolotl-Protocol to combine forward secrecy and offline messages.
However it's currently Android-only.

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno at hboeck.de
GPG: BBB51E42