Key length and PK algorithm of TOR

Gregory Maxwell gmaxwell at
Sun Jan 2 01:46:34 UTC 2011

On Fri, Dec 31, 2010 at 10:17 PM, Nick Mathewson <nickm at> wrote:
> But to answer your questions, the main reason Tor doesn't use ECC now
> (and that its RSA keys are 1024 bits except for authority keys) is
> that back when we designed the relevant parts of the current Tor

So— if someone had asked me about this I would have also pointed out
that using anything other than moderately sized RSA in the transport
security would make it impossible for Tor to look at all like a random
SSL (e.g. an HTTP client/server) and thus be more vulnerable to
blocking by even the laziest attackers.

I haven't seen this point raised in this thread, so I'm wondering if
I'm misunderstanding or if it's just not being mentioned because even
ignoring the ciphersuite selection, blocking Tor based on the
on-the-wire behavior isn't especially difficult.

More information about the tor-talk mailing list