[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #3207 [Tor Relay]: limit more keys to the exponent we specify
#3207: limit more keys to the exponent we specify
-------------------------+--------------------------------------------------
Reporter: arma | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Tor: unspecified
Component: Tor Relay | Version:
Keywords: | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
Comment(by asn):
Replying to [comment:1 arma]:
> Are we ever going to want keys with different exponents, in the distant
future? Or is it always a bad idea for sure?
>
> My crypto crystal ball is not good enough, but some external advice
might be good here.
Cryptographically, I don't see any problems with this. OAEP solved same
small exponents attacks years ago, and 65537 is not a small exponent
either.
Wikipedia also says:
"The NIST Special Publication on Computer Security (SP 800-78 Rev 1 of
August 2007) does not allow public exponents e smaller than 65537, but
does not state a reason for this restriction."
rransom said on IRC that he didn't also restrict the identity key exponent
because it's public in the TLS handshake and might be fingerprintable,
which is a valid thought, but generally *most* RSA exponents are 65537
nowadays.
rransom also said that he had a patch for onion keys in microdescriptors
that didn't get merged. He said he pushed it to his public repo but I
didn't manage to find it.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3207#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs