[tor-bugs] #5598 [Tor Relay]: Turn DynamicDHGroups off by default

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Sat May 26 18:32:52 UTC 2012 

#5598: Turn DynamicDHGroups off by default
-------------------------+--------------------------------------------------
 Reporter:  rransom      |          Owner:     
     Type:  enhancement  |         Status:  new
 Priority:  minor        |      Milestone:     
Component:  Tor Relay    |        Version:     
 Keywords:               |         Parent:     
   Points:               |   Actualpoints:     
-------------------------+--------------------------------------------------

Comment(by mikeperry):

 Replying to [comment:12 iang]:
 >
 > If we're worried about the difference between solving DLs in a single,
 common, 1024-bit Zp group versus solving it for lots of different 1024-bit
 Zp groups, then our prime is way too small.  You don't want to be anywhere
 near the place where even one (random) problem of that size could be
 solved (with acceptable probability in reasonable time).

 I agree. But we're sort of stuck there for about another year though, I
 bet. :/

 > It's true that precomputation tables make it faster to compute DLs for a
 fixed prime once you've built the tables, but if they can do it once, in a
 few years, they'll probably be able to do it often.

 Ah, right. So either way the "P" in PFS is probably gone eventually for
 specific traffic streams...

 Personally though, my choice would be for the bastards to have to have at
 least a few more cages full of machines occupied by computing and storing
 DL tables rather than actual people's unconstitutionally obtained personal
 data :)

 If it were up to me, I wouldn't even store the dynamic DH modulus on disk
 at all.. Let it rotate early and often (again, assuming the ones we
 generate are just as "prime" as the apache prime).

 After all, there are a fairly large number of these primes to choose from
 (something around O(2^1014), right?).. Like Pokemon, They gotta collect
 'em all...

 And by then, we'll have upgraded our DH handshake either to EC or larger
 primes.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5598#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list