[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #18221 [Tor]: Validate our DH parameters to prevent socat-type fails.



#18221: Validate our DH parameters to prevent socat-type fails.
-----------------------------+------------------------------------
 Reporter:  yawning          |          Owner:
     Type:  enhancement      |         Status:  needs_review
 Priority:  Medium           |      Milestone:  Tor: 0.2.8.x-final
Component:  Tor              |        Version:  Tor: unspecified
 Severity:  Normal           |     Resolution:
 Keywords:  tor-core crypto  |  Actual Points:
Parent ID:                   |         Points:
  Sponsor:                   |
-----------------------------+------------------------------------

Comment (by yawning):

 Replying to [comment:8 bugzilla]:
 > If an adversary could make a fallback in TLS session, then it'd be
 seamless for the user.

 That requires breaking TLS, or the relay being malicious.  In both cases,
 you lose regardless of what cipher suite you're using.

 > > Use P-256
 > It's not so good as it seems. 256-bit PK is theoretically strong as
 128-bit AES key, but 112-bit can be broken, and the same for 128-bit in
 the near future. And what's then? Urgently disable P-256 fallback from
 P-384?

 Sigh.

 If anything I'd move to X448 over P-384, but there's not much point when
 ntor is X25519 based, and relay identities are signed with Ed25519.

 Assuming you aren't doing anything clever with batch attacks (which aren't
 applicable to properly implemented P-256, X25519, or X448), public key
 cryptography with 112/128 bit security levels require a quantum computer
 to break.

 It's also worth nothing that to get a 128 bit security level with classic
 DH, you need a group that is at least 3248 bits, which would have
 catastrophic performance implications.

 Anyway, this is orthogonal to the ticket.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18221#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs