[tor-dev] Discussion on the crypto migration plan of the identity keys of Hidden Services

adrelanos adrelanos at riseup.net
Sat May 18 00:35:50 UTC 2013

George Kadianakis:
> If we move to the higher security of (e.g.) 128-bits, the base32 string
> suddenly becomes 26 characters. Is that still conveniently sized to pass
> around, or should we admit that we failed this goal and we are free to
> crank up the security to 256-bits (output size of sha-256) which is a 52
> character string?

In doubt: if possible, maintainable, not too much work, you name it...
When having the less secure version as default, please let the hidden
service hosts decide if they want to use the more secure version by
using an option.

I don't know if the petname system is an completely orthogonal issue or
if it could be considered when you decide this one.

>> Or have an option for maximum key length and a weaker default if common
>> CPU's are still too slow? I mean, if you want to make 2048 bit keys the
>> default because you feel most hidden services have CPU's which are too
>> slow for 4096 bit keys, then use 2048 bit as default with an option to
>> use the max. of 4096 bit.
>> Bonus point: Can you make the new implementation support less painful
>> updates (anyone or everyone) when the next update will be required?
>> (forward compatibility)
> I was also trying to think of a solution to this problem, but I failed.

Thanks for considering!

More information about the tor-dev mailing list