On 29.12.2014 00:40, Gregory Maxwell wrote:
> http://www.spiegel.de/media/media-35552.pdf
>
> From http://www.spiegel.de/international/world/nsa-documents-attacks-on-vpn-ssl-tls-ssh-tor-a-1010525.html
>
> The fact that they appear to have decrypted some but not all messages
> in a log suggests to me that this is not a host compromise, or an
> MITM. But potentially an attack on 1024 bit DH or AES-CTR?
> _______________________________________________
> OTR-dev mailing list
> http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
On the IETF TLS mailing list there was a guess about batch NFS, which can be used to attack 1024-bit DH:
https://www.ietf.org/mail-archive/web/tls/current/msg14927.html

More details about Batch NFS:
http://cr.yp.to/factorization/batchnfs-20141109.pdf
https://en.wikipedia.org/wiki/Number_field_sieve

Also, the libotr AES implementation uses S-boxes, so it can be attacked using cache-timing attacks on AES:
http://cr.yp.to/antiforgery/cachetiming-20050414.pdf

AES-CTR should be implemented using bitsliced AES:
http://cr.yp.to/aes-speed/aesspeed-20080926.pdf
