Trillian Secure IM

Marcos el Ruptor ruptor at
Mon Oct 8 08:48:28 EDT 2007

> If that's DH exchange, then it's 128 bit one. Fertile ground
> for some interesting speculation, don't you think ?

There is no speculation. It is 128-bit DH.

I have reported over three years ago to the Trillian forum that they  
are using 128-bit DH and that it is not secure. You can look up my  
messages about it and how much I got abused for it by everyone trying  
to explain to me that 1) it IS secure and 2) no one cares anyway.  
They did not change it since then although they promised to. I'd also  
made an open-source replacement DLL back then with 512-bit ECDH,  
which also supported their 128-bit DH clients if they initiated  
secure communication first, but it may have some compatibility issues  
with later versions of Trillian. It's supposed to display the common  
key fingerprint, not sure if it works now. Feel free to correct it  
and to improve it, but Cerulean Studios won't pay for it. It's still  

Marcos el Ruptor

PS: There was also a buffer overflow in their original DLL if you  
send a very long key. I don't know if they have fixed it or not. I  
haven't used Trillian since I bought a Mac.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list