[tor-dev] Extending deadline for small features in 0.2.3.x by one week (to the 13th)
Nick Mathewson
nickm at alum.mit.edu
Tue Jan 10 02:01:50 UTC 2012
On Mon, Jan 9, 2012 at 8:49 PM, Jacob Appelbaum <jacob at appelbaum.net> wrote:
>
> Should I make such a branch and request it for review?
I don't think this is a good idea for 0.2.3.x without data. Specifically:
* What fraction of servers on the net right now use 2048-bit RSA
link keys and 2048-bit DH groups? (Or 1024 bit RSA keys and 1536-bit
DH keys, etc)
* How much would this slow down typical clients and servers?
>From a security POV, increasing the link key modulus size of 2048 bits
doesn't seem to do anything useful. If somebody wants to decrypt an
intercepted communication, the DH g^x value is what they need to
solve. OTOH, if we want to stop somebody from *impersonating* a
server, then using a 2048-bit link key wouldn't do any good: factoring
the identity key would give equally good results.
So I think unless we can make identity keys larger, increasing link
key size doesn't help. And without analysis, making the above changes
on this timeframe seems like a worrying idea.
So my thought is that we should target 0.2.4.x for this kind of thing,
and do it properly.
yrs,
--
Nick
More information about the tor-dev
mailing list