[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #17748 [Tor]: Is RSA-1024 secure enough to be used to identify HS

Subject: Re: [tor-bugs] #17748 [Tor]: Is RSA-1024 secure enough to be used to identify HS
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 03 Dec 2015 23:02:11 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 03 Dec 2015 18:02:25 -0500
In-reply-to: <051.be053c8bb86eb384d474a56fc292cfaa@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <051.be053c8bb86eb384d474a56fc292cfaa@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#17748: Is RSA-1024 secure enough to be used to identify HS
-------------------------+---------------------
 Reporter:  cypherpunks  |          Owner:
     Type:  defect       |         Status:  new
 Priority:  Medium       |      Milestone:
Component:  Tor          |        Version:
 Severity:  Normal       |     Resolution:
 Keywords:  tor-hs       |  Actual Points:
Parent ID:               |         Points:
  Sponsor:               |
-------------------------+---------------------

Comment (by teor):

 I'm not sure if raising a ticket is the best way to get answers to these
 kinds of questions: overall, if we're using a cryptographic primitive in
 Tor, we believe it's secure enough, or we're making plans to transition
 away from it.

 As far as ECC is concerned:

 It depends on the curve, the implementation, and the threat model.

 You may find the following comparison of different ECC schemes helpful:
 http://safecurves.cr.yp.to/

 It's worth noting that ed25519 fulfils all the criteria listed on the
 site.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17748#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #17748 [- Select a component]: Is RSA-1024 secure enough to be used to identify HS
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #17741 [GetTor]: GetTor RESTful API
Next by Author: Re: [tor-bugs] #4692 [Tor]: If only a working static OpenSSL is available, ./configure fails
Previous by thread: Re: [tor-bugs] #17748 [Tor]: Is RSA-1024 secure enough to be used to identify HS
Next by thread: Re: [tor-bugs] #17748 [Tor]: Is RSA-1024 secure enough to be used to identify HS
Index(es):
- Author
- Thread