[tor-dev] Discussion on the crypto migration plan of the identity keys of Hidden Services

Andrew F andrewfriedman101 at gmail.com
Fri May 17 18:43:57 UTC 2013


George,
I would definitely create an extended transition time frame.   6 months or
a year where both keys will work.   just make it clear there  is a cut off
date.

And I think Adrelanos's concept is a valid one.   Since we may need to do
this again, why not put a structure in place that facilitates upgrades to
the system itself.







On Fri, May 17, 2013 at 3:09 PM, adrelanos <adrelanos at riseup.net> wrote:

> George Kadianakis:
> > Thoughts?
>
> Can you make .onion domains really long and therefor really safe against
> brute force?
>
> Or have an option for maximum key length and a weaker default if common
> CPU's are still too slow? I mean, if you want to make 2048 bit keys the
> default because you feel most hidden services have CPU's which are too
> slow for 4096 bit keys, then use 2048 bit as default with an option to
> use the max. of 4096 bit.
>
> Bonus point: Can you make the new implementation support less painful
> updates (anyone or everyone) when the next update will be required?
> (forward compatibility)
> _______________________________________________
> tor-dev mailing list
> tor-dev at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20130517/f601bd79/attachment.html>


More information about the tor-dev mailing list