[prev in list] [next in list] [prev in thread] [next in thread] 

List:       otr-announce
Subject:    [OTR-announce] OTR 1.0.2 is online
From:       Ian Goldberg <ian () cypherpunks ! ca>
Date:       2004-12-21 19:48:44
Message-ID: E1Cgpzw-0000q0-NZ () smtp ! paip ! net
[Download RAW message or body]

I've put 1.0.2 online.  Changes:

* If a Man-in-the-Middle steals both Alice's and Bob's DSA private keys,
  he can perform a birthday attack to try to get his session id with
  each end to match. Since the session id was only 64 bits long, his
  work was only 2^32, which is not enough. We now make the session id
  the whole SHA-1 hash, instead of truncating it, to protect against
  even this unlikely scenario.

* Made otr_sesskeys output the calculated public key as well, for added
  ease of forging messages when you don't know any plaintext.

deb's and rpm's are there, too.

http://www.cypherpunks.ca/otr/

   - Ian

[prev in list] [next in list] [prev in thread] [next in thread]