[tor-bugs] #6089 [- Select a component]: If we generate DH groups, do so asynchronously

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Wed Jun 6 15:55:01 UTC 2012


#6089: If we generate DH groups, do so asynchronously
----------------------------------+-----------------------------------------
 Reporter:  nickm                 |          Owner:                  
     Type:  enhancement           |         Status:  new             
 Priority:  normal                |      Milestone:  Tor: unspecified
Component:  - Select a component  |        Version:                  
 Keywords:                        |         Parent:                  
   Points:                        |   Actualpoints:                  
----------------------------------+-----------------------------------------
 One of the main reasons to disable dynamic dh groups by default (#5598)
 was that they take a long time to generate, and that doing so stalls the
 Tor startup (#4721) and makes controllers and user applications unable to
 use Tor.

 This will become a more serious problem if we make our DH groups change
 when our IP changes in order to prevent bridge tracking (#6087), since
 instead of stalling at startup, we'll stall every time we change IP.

 And if we ever use longer DH keys (#6088), blocking will become untenable
 here: generating a 2048-bit DH group took 140 seconds when I tried it
 just now on my fastest desktop, and my netbook has been trying to generate
 one for 30 minutes now with no results yet.

 So what we need to do, if DynamicDHGroups is on, is to only generate DH
 groups in a background thread, and not enable any TLS listeners until
 they're generated.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6089>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

