Re: [tor-bugs] #6088 [Tor Relay]: Gather data about possible transition to 2048bit RSA/DHE

["Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>]

#6088: Gather data about possible transition to 2048bit RSA/DHE
-------------------------+--------------------------------------------------
 Reporter:  ioerror      |          Owner:  ioerror         
     Type:  enhancement  |         Status:  new             
 Priority:  normal       |      Milestone:  Tor: unspecified
Component:  Tor Relay    |        Version:  Tor: unspecified
 Keywords:               |         Parent:                  
   Points:               |   Actualpoints:                  
-------------------------+--------------------------------------------------

Comment(by ioerror):

 Ivan wrote back and he says:

 {{{
 I may have the data already; have a look at the samples below. Each of
 these is the contents of a "suites" field. DH parameters are recorded
 when offered by the server.

 To calculate the strength, multiply DH_p by 8.

 10080; 20080; 30080; 40080; 60040; 700c0; 80080; 3; 4; 5; 6; 8; 9; a; 14
 (DH_p 64, DH_g 1, DH_Ys 64); 15 (DH_p 128, DH_g 1, DH_Ys 128); 16 (DH_p
 128, DH_g 1, DH_Ys 128); 2f; 33 (DH_p 128, DH_g 1, DH_Ys 128); 35; 39
 (DH_p 128, DH_g 1, DH_Ys 128);

  a; 16 (DH_p 128, DH_g 1, DH_Ys 128); 2f; 33 (DH_p 128, DH_g 1, DH_Ys
 128); 35; 39 (DH_p 128, DH_g 1, DH_Ys 128); 41; 45 (DH_p 128, DH_g 1,
 DH_Ys 128); 84; 88 (DH_p 128, DH_g 1, DH_Ys 128);

  4; 5; a; 16 (DH_p 128, DH_g 1, DH_Ys 128); 2f; 33 (DH_p 128, DH_g 1,
 DH_Ys 128); 35; 39 (DH_p 128, DH_g 1, DH_Ys 128);

  a; 16 (DH_p 128, DH_g 1, DH_Ys 128); 2f; 33 (DH_p 128, DH_g 1, DH_Ys
 128); 35; 39 (DH_p 128, DH_g 1, DH_Ys 128);

  a; 16 (DH_p 128, DH_g 1, DH_Ys 128); 2f; 33 (DH_p 128, DH_g 1, DH_Ys
 128); 35; 39 (DH_p 128, DH_g 1, DH_Ys 128);

  a; 16 (DH_p 128, DH_g 1, DH_Ys 128); 2f; 33 (DH_p 128, DH_g 1, DH_Ys
 128); 35; 39 (DH_p 128, DH_g 1, DH_Ys 128);

  4; 5; a; 16 (DH_p 128, DH_g 1, DH_Ys 128); 2f; 33 (DH_p 128, DH_g 1,
 DH_Ys 128); 35; 39 (DH_p 128, DH_g 1, DH_Ys 128);

 Here are some crude stats:

 - There are 215,607 in my database
 - 118,641 hostnames support DH in some form
 - 311 have DH_p of 256.

 ...

 So the number may be 314


 I plan to release my raw data to everyone next week.
 }}}

 So we're good with RSA 2048bit but we're not so good with the thing that
 REALLY matters which is 2048bit DH. :( Shit luck!

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6088#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs