[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] our circuit symmetric key (for aes) is 127 bits, not 128 bi...



Update of /home/or/cvsroot/src/or
In directory moria.mit.edu:/home2/arma/work/onion/cvs/src/or

Modified Files:
	onion.c 
Log Message:
our circuit symmetric key (for aes) is 127 bits, not 128 bits.
we accept that.


Index: onion.c
===================================================================
RCS file: /home/or/cvsroot/src/or/onion.c,v
retrieving revision 1.103
retrieving revision 1.104
diff -u -d -r1.103 -r1.104
--- onion.c	7 Dec 2003 22:03:47 -0000	1.103
+++ onion.c	9 Dec 2003 01:04:40 -0000	1.104
@@ -575,13 +575,13 @@
 
   if (crypto_rand(16, pubkey))
     goto err;
-  
-  /* XXXX You can't just run around RSA-encrypting any bitstream: if it's
-   *      greater than the RSA key, then OpenSSL will happily encrypt,
-   *      and later decrypt to the wrong value.  So we set the first bit
-   *      of 'pubkey' to 0.  This means that our symmetric key is really only
-   *      127 bits long, but since it shouldn't be necessary to encrypt
-   *      DH public keys values in the first place, we should be fine.
+
+  /* You can't just run around RSA-encrypting any bitstream: if it's
+   * greater than the RSA key, then OpenSSL will happily encrypt,
+   * and later decrypt to the wrong value.  So we set the first bit
+   * of 'pubkey' to 0.  This means that our symmetric key is really only
+   * 127 bits long, but since it shouldn't be necessary to encrypt
+   * DH public keys values in the first place, we should be fine.
    */
   pubkey[0] &= 0x7f;