[prev in list] [next in list] [prev in thread] [next in thread]
List: otr-announce
Subject: [OTR-announce] OTR 1.0.2 is online
From: Ian Goldberg <ian () cypherpunks ! ca>
Date: 2004-12-21 19:48:44
Message-ID: E1Cgpzw-0000q0-NZ () smtp ! paip ! net
[Download RAW message or body]
I've put 1.0.2 online. Changes:
* If a Man-in-the-Middle steals both Alice's and Bob's DSA private keys,
he can perform a birthday attack to try to get his session id with
each end to match. Since the session id was only 64 bits long, his
work was only 2^32, which is not enough. We now make the session id
the whole SHA-1 hash, instead of truncating it, to protect against
even this unlikely scenario.
* Made otr_sesskeys output the calculated public key as well, for added
ease of forging messages when you don't know any plaintext.
deb's and rpm's are there, too.
http://www.cypherpunks.ca/otr/
- Ian
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic