Trillian Secure IM

Alex Pankratov ap at
Mon Oct 8 12:10:35 EDT 2007


> -----Original Message-----
> From: Ian G [mailto:iang at] 
> Sent: Monday, October 08, 2007 6:05 AM
> To: Peter Gutmann
> Cc: ap at; cryptography at
> Subject: Re: Trillian Secure IM
> Peter Gutmann wrote:
> > "Alex Pankratov" <ap at> writes:
> > 
> >> SecureIM handshake between two version 3.1 (latest) 
> clients takes about .. 48
> >> bytes. That's altogether, 32 bytes in one direction, and 
> 16 in another. And
> >> that's between the clients that have never talked to each 
> other before, so
> >> there's no "session resuming" business happenning.
> > 
> > Or they could be using static/ephemeral DH with fixed 
> shared DH key values,
> > which isn't much better.  (This is just speculation, it's 
> hard to tell without
> > knowing what the exchanged quantities are).
> Speculation is fun.
> But, opportunistic cryptography is even more fun.  It is 
> very encouraging to see projects implement cryptography in 
> limited forms.  A system that uses a primitive form of 
> encryption is many orders of magnitude more secure than a 
> system that implements none.

Primitive form - maybe, weak form - absolutely not. It 
is actually worse than having no security at all, because 
it tends to create an _illusion_ of protection. 

Which is by the way exactly the case with SecureIM. How 
hard is it to brute-force 128-bit DH ? My "guesstimate"
is it's an order of minutes or even seconds, depending
on CPU resources.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list