[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] our circuit symmetric key (for aes) is 127 bits, not 128 bi...
- To: or-cvs@freehaven.net
- Subject: [or-cvs] our circuit symmetric key (for aes) is 127 bits, not 128 bi...
- From: arma@seul.org (Roger Dingledine)
- Date: Mon, 8 Dec 2003 20:04:42 -0500 (EST)
- Delivered-to: archiver@seul.org
- Delivered-to: or-cvs-outgoing@seul.org
- Delivered-to: or-cvs@seul.org
- Delivery-date: Mon, 08 Dec 2003 20:04:57 -0500
- Reply-to: or-dev@freehaven.net
- Sender: owner-or-cvs@freehaven.net
Update of /home/or/cvsroot/src/or
In directory moria.mit.edu:/home2/arma/work/onion/cvs/src/or
Modified Files:
onion.c
Log Message:
our circuit symmetric key (for aes) is 127 bits, not 128 bits.
we accept that.
Index: onion.c
===================================================================
RCS file: /home/or/cvsroot/src/or/onion.c,v
retrieving revision 1.103
retrieving revision 1.104
diff -u -d -r1.103 -r1.104
--- onion.c 7 Dec 2003 22:03:47 -0000 1.103
+++ onion.c 9 Dec 2003 01:04:40 -0000 1.104
@@ -575,13 +575,13 @@
if (crypto_rand(16, pubkey))
goto err;
-
- /* XXXX You can't just run around RSA-encrypting any bitstream: if it's
- * greater than the RSA key, then OpenSSL will happily encrypt,
- * and later decrypt to the wrong value. So we set the first bit
- * of 'pubkey' to 0. This means that our symmetric key is really only
- * 127 bits long, but since it shouldn't be necessary to encrypt
- * DH public keys values in the first place, we should be fine.
+
+ /* You can't just run around RSA-encrypting any bitstream: if it's
+ * greater than the RSA key, then OpenSSL will happily encrypt,
+ * and later decrypt to the wrong value. So we set the first bit
+ * of 'pubkey' to 0. This means that our symmetric key is really only
+ * 127 bits long, but since it shouldn't be necessary to encrypt
+ * DH public keys values in the first place, we should be fine.
*/
pubkey[0] &= 0x7f;