0. What use would a break of a random OTR user's AES-128 be if it took millions of dollars, years and a significant chunk of all the memory that exists? And only a single session key's worth.
1. Does that not mean that NIST considers AES-128 secure?
2. Who exactly thinks that 1536 bit DH is breakable by nation states? The closest I have heard is 1024 bit DH. Note that we are talking messaging here where a break gets you one user's messages.
3. Exactly what sort of attack would be possible against OTR using a practical SHA-1 collision?