On Tue, Feb 19, 2013 at 2:42 PM, Ileana <[email protected]> wrote: > #define CIPHER_IV_LEN 16
To be fair— AES 256 has certificational weaknesses with a lower work factor then the best attacks on 128 bit AES. They don't appear to matter in practice, but I'm not aware of a threat model where 256 bit AES would make a material improvement, except perhaps the attacker-has-arbitrarily-good-quantum-computers model... and under that model all the key derivation (curve25519 and DHKE) fails completely in any case. _______________________________________________ OTR-dev mailing list [email protected] http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
