[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #5598 [Tor Relay]: Turn DynamicDHGroups off by default

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #5598 [Tor Relay]: Turn DynamicDHGroups off by default
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Sat, 26 May 2012 18:32:52 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 26 May 2012 14:33:03 -0400
In-reply-to: <047.21f48fdd5a568ee404845e1f801d136a@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bug tracker status mails <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <047.21f48fdd5a568ee404845e1f801d136a@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#5598: Turn DynamicDHGroups off by default
-------------------------+--------------------------------------------------
 Reporter:  rransom      |          Owner:     
     Type:  enhancement  |         Status:  new
 Priority:  minor        |      Milestone:     
Component:  Tor Relay    |        Version:     
 Keywords:               |         Parent:     
   Points:               |   Actualpoints:     
-------------------------+--------------------------------------------------

Comment(by mikeperry):

 Replying to [comment:12 iang]:
 >
 > If we're worried about the difference between solving DLs in a single,
 common, 1024-bit Zp group versus solving it for lots of different 1024-bit
 Zp groups, then our prime is way too small.  You don't want to be anywhere
 near the place where even one (random) problem of that size could be
 solved (with acceptable probability in reasonable time).

 I agree. But we're sort of stuck there for about another year though, I
 bet. :/

 > It's true that precomputation tables make it faster to compute DLs for a
 fixed prime once you've built the tables, but if they can do it once, in a
 few years, they'll probably be able to do it often.

 Ah, right. So either way the "P" in PFS is probably gone eventually for
 specific traffic streams...

 Personally though, my choice would be for the bastards to have to have at
 least a few more cages full of machines occupied by computing and storing
 DL tables rather than actual people's unconstitutionally obtained personal
 data :)

 If it were up to me, I wouldn't even store the dynamic DH modulus on disk
 at all.. Let it rotate early and often (again, assuming the ones we
 generate are just as "prime" as the apache prime).

 After all, there are a fairly large number of these primes to choose from
 (something around O(2^1014), right?).. Like Pokemon, They gotta collect
 'em all...

 And by then, we'll have upgraded our DH handshake either to EC or larger
 primes.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5598#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #5598 [Tor Relay]: Turn DynamicDHGroups off by default
Next by Author: Re: [tor-bugs] #5598 [Tor Relay]: Turn DynamicDHGroups off by default
Previous by thread: Re: [tor-bugs] #5598 [Tor Relay]: Turn DynamicDHGroups off by default
Next by thread: Re: [tor-bugs] #5598 [Tor Relay]: Turn DynamicDHGroups off by default
Index(es):
- Author
- Thread