[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] NSA supercomputer

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] NSA supercomputer
From: Nick Mathewson <nickm@xxxxxxxxxxxx>
Date: Thu, 4 Apr 2013 08:17:29 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 04 Apr 2013 08:17:41 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type; bh=+XkVsex8TCLU+ZtPYiklz/HtuSYOpyoXNC/l7cv+85M=; b=YwmVocSrxUe3U/GsEaTT+YRtLEsqAaVuPtOPGl2VFubO+RpwMbXEWUDrARH5On2PJx WCmBkdMPVg6MtBc1PMQy85IADUELUz1ye8p8HTJS5ssKYlo7kIza45vGj+xIGIpci/d3 /6XzsnmfHGytJN/HiRZ/1y98dHrkWqe0ac+qwKmiEgXUHQ1IfBD+6NqjANxeVyA5n4p3 MR/rSO+254DScCgqEzGSzW8FLS75zod/AQe/vg8FbKXlzl9H5szLSF9le+GPhrThmWFi ZpOTWIPmLj1ByphObleMN4KAeJ1+5/MdmfeZAVXh7DjlmT+6cS8YtSfCn/ypwtRVMx0W /2rQ==
In-reply-to: <0wpiettdamlg76bjqn8pb4ky.1365069110984@xxxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <0wpiettdamlg76bjqn8pb4ky.1365069110984@xxxxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

On Thu, Apr 4, 2013 at 5:51 AM, Bernard Tyers <ei8fdb@xxxxxxxxxx> wrote:
> Hi,
>
> Is there a reason 1024 bit keys, instead of something higher is not used? Do higher bit keys affect host performance, or network latency?

Because in 2003/2004, when we were designing Tor, 1024-bit keys seemed
like they would probably be good enough, AND we weren't confident of
our ability to support arbitrary key sizes without screwing it up.

But as of 0.2.4, the forward-secrecy[0] parts of Tor[*] now support
256-bit ECC keys, which are probably about as good as 3072-bit RSA/DH
keys, and a lot faster for most uses.  I'd like to make more of the
authentication parts of Tor support ECC over the next couple of
releases.

[0] https://en.wikipedia.org/wiki/Perfect_forward_secrecy

[*] Specifically, the ephemeral-key part of the TLS handshake supports
P224 or P256 if both Tors were built with a recent OpenSSL version;
and the circuit handshake supports the "ntor" protocol with curve25519
if the client has UseNtorHandshake turned on. I want to make that
on-by-default before the release.[**]

[**] https://trac.torproject.org/projects/tor/ticket/8561

--
Nick
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] NSA supercomputer
  - From: cmeclax

References:
- Re: [tor-talk] NSA supercomputer
  - From: Bernard Tyers

Prev by Author: Re: [tor-talk] Hi, does Nintendo block Tor. I can't reach Nintendo
Next by Author: Re: [tor-talk] ExcludeEntryNodes
Previous by thread: Re: [tor-talk] NSA supercomputer
Next by thread: Re: [tor-talk] NSA supercomputer
Index(es):
- Author
- Thread