[tor-bugs] #17110 [Tor]: Hardening security - HidServAuth
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Sep 19 23:25:08 UTC 2015
#17110: Hardening security - HidServAuth
----------------------+----------------------------------
Reporter: ikurua22 | Owner:
Type: task | Status: new
Priority: major | Milestone: Tor: unspecified
Component: Tor | Version: Tor: unspecified
Keywords: | Actual Points:
Parent ID: | Points:
----------------------+----------------------------------
I've detected someone bruteforce my HiddenServiceAuthrozeClient key
and using it to access my HiddenService.
Client computers are NOT compromised.
HidServAuth can be compromise by brute force, because it's length is
just 16.
Please make it extremely longer, for example, 4096bit.
Or add ".crt/.pem" authorization method.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17110>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list