[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #3207 [Tor Relay]: limit more keys to the exponent we specify
#3207: limit more keys to the exponent we specify
-------------------------+--------------------------------------------------
Reporter: arma | Owner:
Type: enhancement | Status: needs_review
Priority: normal | Milestone: Tor: unspecified
Component: Tor Relay | Version:
Keywords: | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
Changes (by rransom):
* status: new => needs_review
Comment:
Replying to [comment:3 asn]:
> Replying to [comment:1 arma]:
> > Are we ever going to want keys with different exponents, in the
distant future? Or is it always a bad idea for sure?
> >
> > My crypto crystal ball is not good enough, but some external advice
might be good here.
>
> Cryptographically, I don't see any problems with this. OAEP solved same
small exponents attacks years ago, and 65537 is not a small exponent
either.
> Wikipedia also says:
> "The NIST Special Publication on Computer Security (SP 800-78 Rev 1 of
August 2007) does not allow public exponents e smaller than 65537, but
does not state a reason for this restriction."
>
> rransom said on IRC that he didn't also restrict the identity key
exponent because it's public in the TLS handshake and might be
fingerprintable, which is a valid thought, but generally *most* RSA
exponents are 65537 nowadays.
>
> rransom also said that he had a patch for onion keys in microdescriptors
that didn't get merged. He said he pushed it to his public repo but I
didn't manage to find it.
I said that I would push that patch, not that I had pushed it. And then I
distracted myself for a few hours.
See [https://gitweb.torproject.org/rransom/tor.git/shortlog/refs/heads/hs-
client-input-validation-fixes-022 hs-client-input-validation-fixes-022] (
!git://git.torproject.org/rransom/tor.git hs-client-input-validation-
fixes-022 ).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3207#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs