Trillian Secure IM
Alex Pankratov
ap at poneyhot.org
Mon Oct 8 12:10:35 EDT 2007
> -----Original Message-----
> From: Ian G [mailto:iang at systemics.com]
> Sent: Monday, October 08, 2007 6:05 AM
> To: Peter Gutmann
> Cc: ap at poneyhot.org; cryptography at metzdowd.com
> Subject: Re: Trillian Secure IM
>
> Peter Gutmann wrote:
> > "Alex Pankratov" <ap at poneyhot.org> writes:
> >
> >> SecureIM handshake between two version 3.1 (latest)
> clients takes about .. 48
> >> bytes. That's altogether, 32 bytes in one direction, and
> 16 in another. And
> >> that's between the clients that have never talked to each
> other before, so
> >> there's no "session resuming" business happenning.
> >
> > Or they could be using static/ephemeral DH with fixed
> shared DH key values,
> > which isn't much better. (This is just speculation, it's
> hard to tell without
> > knowing what the exchanged quantities are).
>
>
> Speculation is fun.
>
> But, opportunistic cryptography is even more fun. It is
> very encouraging to see projects implement cryptography in
> limited forms. A system that uses a primitive form of
> encryption is many orders of magnitude more secure than a
> system that implements none.
Primitive form - maybe, weak form - absolutely not. It
is actually worse than having no security at all, because
it tends to create an _illusion_ of protection.
Which is by the way exactly the case with SecureIM. How
hard is it to brute-force 128-bit DH ? My "guesstimate"
is it's an order of minutes or even seconds, depending
on CPU resources.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list