[tor-relays] Tor 2.6.10 fails to generate fresh DH Keys

Yawning Angel yawning at schwanenlied.me
Sat Aug 1 17:41:07 UTC 2015


On Sat, 01 Aug 2015 13:06:55 -0400
starlight.2015q2 at binnacle.cx wrote:
> >Bug: Assertion r == 0 failed in crypto_generate_dynamic_dh_modulus
> >at ../src/common/crypto.c:1788.
> >
> 
> Looks like you have DynamicDHGroups enabled
> in your torrc file.

Yes.  Don't use it.  It's kind of pointless since it only affects TLS
cyphersuites that shouldn't get negotiated in the first place.

> This is interesting because the recent
> LogJam research indicates the NSA
> has probably broken commonly used 1024
> bit DH groups, which suggests turning
> on this parameter.

Sigh.  There's no point because any sensible build of Tor will
negotiate ECDHE over DHE when doing the TLS handshake (which is the
only thing this option applies to).

Note: "any sensible build" basically is anything moderately recent,
linked against OpenSSL >= 1.0.0 (if your vendor OpenSSL is older than
that, 0.2.7.2-alpha and later will refuse to build, so users may as
well start thinking of a migration path).

> However it was disabled by default some
> time ago for anti-fingerprinting reasons:
> 
> https://trac.torproject.org/projects/tor/ticket/5598

The feature is flat out deprecated in 0.2.7.1-alpha and later, in the
"The code that implemented it was removed" sense of "deprecated".

https://trac.torproject.org/projects/tor/ticket/13736 

> AND, it's probably a moot issue now that Ntor
> handshakes (elliptic curve) have overtaken
> older RSA connections.

This has nothing to do with TAP vs ntor, and only affects TLS.

-- 
Yawning Angel
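An added defender-side check, not code from the thread or from Tor: a small Python audit that flags any DynamicDHGroups line in a torrc so relay operators can find the setting before upgrading. The sample torrc is constructed, and the treatment of `#` as a comment-to-end-of-line is an assumption about torrc syntax.

```python
"""Audit a torrc for the deprecated DynamicDHGroups option.

Constructed example: the sample torrc text below is made up for illustration.
"""

# Option names are compared case-insensitively, as Tor does.
DEPRECATED = {
    "dynamicdhgroups": (
        "DynamicDHGroups only affects TLS DHE ciphersuites, which a build "
        "against OpenSSL >= 1.0.0 will not prefer over ECDHE; the option was "
        "removed in 0.2.7.1-alpha (ticket #13736). A value of 1 triggers the "
        "crypto_generate_dynamic_dh_modulus assertion reported for 0.2.6.10."
    ),
}


def audit_torrc(text: str):
    """Return a list of (line_number, option, value, message) for flagged lines."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        # Assumption: '#' starts a comment anywhere on the line.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        option = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if option in DEPRECATED:
            findings.append((lineno, parts[0], value, DEPRECATED[option]))
    return findings


# Constructed sample torrc; line 4 carries the setting the thread warns about.
SAMPLE_TORRC = """\
# constructed sample torrc
ORPort 9001
Nickname exampleRelay
DynamicDHGroups 1   # intended as a LogJam mitigation
ContactInfo relay-admin at example.invalid
"""

if __name__ == "__main__":
    for lineno, opt, val, msg in audit_torrc(SAMPLE_TORRC):
        print(f"line {lineno}: {opt} {val}: {msg}")
```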