[guardian-dev] Fwd: Re: [OTR-users] OTR mentioned in Snowden documents?

Abel Luck abel at guardianproject.info
Mon Sep 23 14:04:08 EDT 2013


Hans-Christoph Steiner:
> 
> OTR is just DSA as far as I know.  If this affects EC, then TextSecure could
> be vulnerable.
> 

Yes, OTR uses standard DSA. TextSecure uses a P-256 curve in its ECDH
[1], so it might be vulnerable here.

What's the source of this claim btw?

~abel

[1]: https://github.com/WhisperSystems/TextSecure/wiki/Protocol

> .hc
> 
> On 09/11/2013 12:56 PM, Dev Random wrote:
>> There's no Elliptic Curve in OTR, right?
>>
>> On 09/11/2013 08:01 AM, Nathan of Guardian wrote:
>>> Anyone have some time to dig into the potential malicious seed in
>>> bouncycastle issue below?
>>>
>>>
>>> -------- Original Message --------
>>> Subject: 	Re: [OTR-users] OTR mentioned in Snowden documents?
>>> Date: 	Wed, 11 Sep 2013 07:47:00 -0700
>>> From: 	Mike Minor <mike at firstworldproblems.com>
>>> To: 	Nathan of Guardian <nathan at guardianproject.info>
>>> CC: 	otr-users at lists.cypherpunks.ca
>>>
>>>
>>>
>>> On Sep 6, 2013, at 10:02 AM, Nathan of Guardian <nathan at guardianproject.info> wrote:
>>>
>>>> On 09/06/2013 12:40 PM, Mike Minor wrote:
>>>>> I thought I might poke some discussion as to where the weaknesses might be in an OTR implementation where you are using the currently known best practices (verifying fingerprints, etc.).
>>>> Excellent point, and true that if there were mass MITM on OTR sessions,
>>>> those of us who do verify would notice.
>>>>
>>>> One fear I have had has been around OTR4J (which we use in Gibberbot,
>>>> and others like Jitsi do as well) and our dependency on BouncyCastle
>>>> libraries, and Java, as well for that.
>>>>
>>>> With the recent weakness found in the Android PRNG, I fear there may be
>>>> other "oops" bugs, either intentional or not, somewhere in that stack.
>>>>
>>>> +n
>>>
>>> The constant "c49d360886e704936a6678e1139d26b7819f7e90" appears to be a malicious non-random seed for the prime256v1 curve that is found in BouncyCastle.  Are you relying on it in your code?
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Guardian-dev mailing list
>>>
>>> Post: Guardian-dev at lists.mayfirst.org
>>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>>
>>> To Unsubscribe
>>>         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>>>         Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/c1.devrandom%40niftybox.net
>>>
>>> You are subscribed as: c1.devrandom at niftybox.net
>>
> 
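The constant Mike Minor quotes above is the SEED value that FIPS 186 publishes for P-256 (prime256v1 / secp256r1), which is why it appears in BouncyCastle's curve tables. The following added example (written for this page, not code from the original thread, from BouncyCastle or from TextSecure) runs the ANSI X9.62 Annex A.3.3 / FIPS 186-4 Appendix D.3 derivation check that the standard defines for these curves: SHA-1-expand the seed to a 256-bit value c and test that b^2 * c is congruent to -27 (mod p), i.e. a^3 for a = -3. Passing the check shows that the curve coefficient b was derived from this seed by the published procedure; it says nothing about how the seed itself was chosen. The curve constants are taken from FIPS 186-4; the function names and the tampered-seed input are my own constructions.

```python
"""Check that P-256's coefficient b is derived from its published SEED.

Implements the prime-field curve derivation from ANSI X9.62 Annex A.3.3 /
FIPS 186-4 Appendix D.3: expand SEED with SHA-1 into a t-bit integer c and
verify b^2 * c == -27 (mod p), which is a^3 for the NIST choice a = -3.
"""
import hashlib

# Published P-256 domain parameters (FIPS 186-4, D.1.2.3).
P256_P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
P256_B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
# The constant quoted in the thread: the FIPS 186 SEED for P-256.
P256_SEED = bytes.fromhex("c49d360886e704936a6678e1139d26b7819f7e90")


def seed_to_c(seed: bytes, p: int) -> int:
    """Expand SEED into the integer c of FIPS 186-4 D.3.1, steps 1-7."""
    g = 8 * len(seed)          # seed length in bits (160 for the NIST curves)
    t = p.bit_length()         # 256 for P-256
    s = (t - 1) // 160         # number of further SHA-1 outputs after W0
    h = t - 160 * s            # bits taken from the first hash (96 for P-256)

    # W0: the h rightmost bits of SHA-1(SEED), with the leftmost of them set to 0.
    h0 = int.from_bytes(hashlib.sha1(seed).digest(), "big")
    w0 = (h0 & ((1 << h) - 1)) & ~(1 << (h - 1))

    # Wi = SHA-1((SEED + i) mod 2^g), encoded as a g-bit string, for i = 1..s.
    z = int.from_bytes(seed, "big")
    w = w0
    for i in range(1, s + 1):
        zi = (z + i) % (1 << g)
        wi = int.from_bytes(hashlib.sha1(zi.to_bytes(g // 8, "big")).digest(), "big")
        w = (w << 160) | wi    # W = W0 || W1 || ... || Ws
    return w


def verify_a_minus_3_curve(seed: bytes, p: int, b: int) -> bool:
    """FIPS 186-4 D.3.2 check for an a = -3 curve: b^2 * c == -27 (mod p)."""
    c = seed_to_c(seed, p)
    # The generation procedure rejects these two degenerate cases outright.
    if c == 0 or (4 * c + 27) % p == 0:
        return False
    return (b * b * c) % p == (-27) % p


if __name__ == "__main__":
    print("P-256 b derived from published SEED:",
          verify_a_minus_3_curve(P256_SEED, P256_P, P256_B))
    # Constructed negative case: flip one seed bit and the check must fail.
    tampered = bytearray(P256_SEED)
    tampered[-1] ^= 1
    print("tampered seed verifies:",
          verify_a_minus_3_curve(bytes(tampered), P256_P, P256_B))
```

The same function covers P-192 through P-521 given their p, b and SEED from FIPS 186-4, since all of them use a = -3 and the same 160-bit seed expansion.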
