zlacker

[return to "Inside the NSA's War on Internet Security"]
1. nullc+x9[view] [source] 2014-12-28 23:35:57
>>Fabian+(OP)
The fact that they broke some but not all the OTR messages in the log suggests to me that their attack is not a MITM, but instead a compromise of the 1024 bit DH or CTR mode AES.
◧◩
2. tptace+3e[view] [source] 2014-12-29 01:28:46
>>nullc+x9
Do you really think NSA has compromised AES-CTR? That would have to be a pretty fundamental attack, wouldn't it?
◧◩◪
3. nullc+xy[view] [source] 2014-12-29 12:16:42
>>tptace+3e
I am not trying to draw any conclusions. Just exploring what the data seems to support.

Another alternative (mentioned on otr-dev) is an implementation which uses a low quality rng feeding the ECDH might result in some messages being recoverable and others not.

An attack on CTR would indeed be pretty fundamental. Though some of the other documents appeared to support some level of cryptanalysis capability against some implementations of at least some symmetric ciphers.

◧◩◪◨
4. tptace+xQ[view] [source] 2014-12-29 17:00:24
>>nullc+xy
Can you think through a scenario in which CTR could be broken? CTR, in particular. What's a hypothetical here?
[go to top]