Discussion:
[whispersystems] Encryption Security
Justin
2015-10-17 01:25:30 UTC
Permalink
Hello,
I’ve heard that a lot of Diffey Helman key exchanges are vulnerable to a nation state attacker because they use the same prime numbers. Is the TLS that protects conversation metadata vulnerable or has Open Whisper Systems been using elliptic curves? Also, would OTR be vulnerable because it uses regular DH?
Thanks,
Justin.
Josh
2015-10-17 07:40:18 UTC
Permalink
They use elliptic curves. check out
https://en.wikipedia.org/wiki/TextSecure#Encryption_protocol
Post by Justin
Hello,
I’ve heard that a lot of Diffey Helman key exchanges are vulnerable to a
nation state attacker because they use the same prime numbers. Is the TLS
that protects conversation metadata vulnerable or has Open Whisper Systems
been using elliptic curves? Also, would OTR be vulnerable because it uses
regular DH?
Thanks,
Justin.
Seth David Schoen
2015-10-17 17:27:23 UTC
Permalink
Post by Josh
They use elliptic curves. check out
https://en.wikipedia.org/wiki/TextSecure#Encryption_protocol
OTR does use classic Diffie-Hellman, but with a particular 1536-bit
group, which is larger than the 1024-bit groups that the researchers
warned about.

https://otr.cypherpunks.ca/Protocol-v3-4.0.0.html

OTR's DH exchanges are stronger than the ones the researchers believe
are being broken today, but weaker than the methods the researchers
recommended upgrading to. This research was announced several months
ago, though only formally published this week. There was a discussion
by the OTR developers about the impact on OTR's key exchange back in May:

https://lists.cypherpunks.ca/pipermail/otr-dev/2015-May/date.html

In that discussion, Ian Goldberg said "there is no reason to believe
that the 1536-bit DH group used by OTR is vulnerable".

OTR has several of its own mailing lists, which would be a more
appropriate place to continue any discussion about OTR's security.

https://otr.cypherpunks.ca/index.php#lists
--
Seth Schoen <***@eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107
Loading...