[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #17110 [Tor]: Hardening security - HidServAuth
#17110: Hardening security - HidServAuth
----------------------+----------------------------------
Reporter: ikurua22 | Owner:
Type: task | Status: new
Priority: major | Milestone: Tor: unspecified
Component: Tor | Version: Tor: unspecified
Keywords: | Actual Points:
Parent ID: | Points:
----------------------+----------------------------------
I've detected someone bruteforce my HiddenServiceAuthrozeClient key
and using it to access my HiddenService.
Client computers are NOT compromised.
HidServAuth can be compromise by brute force, because it's length is
just 16.
Please make it extremely longer, for example, 4096bit.
Or add ".crt/.pem" authorization method.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17110>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs