[tor-bugs] #3207 [Tor Relay]: limit more keys to the exponent we specify
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Tue May 17 11:55:41 UTC 2011
#3207: limit more keys to the exponent we specify
-------------------------+--------------------------------------------------
Reporter: arma | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Tor: unspecified
Component: Tor Relay | Version:
Keywords: | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
Comment(by asn):
Replying to [comment:1 arma]:
> Are we ever going to want keys with different exponents, in the distant
future? Or is it always a bad idea for sure?
>
> My crypto crystal ball is not good enough, but some external advice
might be good here.
Cryptographically, I don't see any problems with this. OAEP solved same
small exponents attacks years ago, and 65537 is not a small exponent
either.
Wikipedia also says:
"The NIST Special Publication on Computer Security (SP 800-78 Rev 1 of
August 2007) does not allow public exponents e smaller than 65537, but
does not state a reason for this restriction."
rransom said on IRC that he didn't also restrict the identity key exponent
because it's public in the TLS handshake and might be fingerprintable,
which is a valid thought, but generally *most* RSA exponents are 65537
nowadays.
rransom also said that he had a patch for onion keys in microdescriptors
that didn't get merged. He said he pushed it to his public repo but I
didn't manage to find it.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3207#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list