[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #18221 [Tor]: Validate our DH parameters to prevent socat-type fails.
#18221: Validate our DH parameters to prevent socat-type fails.
-----------------------------+------------------------------------
Reporter: yawning | Owner:
Type: enhancement | Status: needs_review
Priority: Medium | Milestone: Tor: 0.2.8.x-final
Component: Tor | Version: Tor: unspecified
Severity: Normal | Resolution:
Keywords: tor-core crypto | Actual Points:
Parent ID: | Points:
Sponsor: |
-----------------------------+------------------------------------
Comment (by yawning):
Replying to [comment:8 bugzilla]:
> If an adversary could make a fallback in TLS session, then it'd be
seamless for the user.
That requires breaking TLS, or the relay being malicious. In both cases,
you lose regardless of what cipher suite you're using.
> > Use P-256
> It's not so good as it seems. 256-bit PK is theoretically strong as
128-bit AES key, but 112-bit can be broken, and the same for 128-bit in
the near future. And what's then? Urgently disable P-256 fallback from
P-384?
Sigh.
If anything I'd move to X448 over P-384, but there's not much point when
ntor is X25519 based, and relay identities are signed with Ed25519.
Assuming you aren't doing anything clever with batch attacks (which aren't
applicable to properly implemented P-256, X25519, or X448), public key
cryptography with 112/128 bit security levels require a quantum computer
to break.
It's also worth nothing that to get a 128 bit security level with classic
DH, you need a group that is at least 3248 bits, which would have
catastrophic performance implications.
Anyway, this is orthogonal to the ticket.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18221#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs