[tor-talk] Tor private-key behaviour impacts: pycrypto, OnionBalance (maybe STEM and OnionShare?)

Alec Muffett alec.muffett at gmail.com
Fri Feb 8 10:32:06 UTC 2019


Hi All,

Last night I found Tor was/is generating v2 keys that are not
loadable/parsable by PyCrypto.

A fully-worked-example with test code and an example key is on trac:

    https://trac.torproject.org/projects/tor/ticket/29429

I haven't the familiarity with the codebase (nor the standards expertise)
to triage what causes the behaviour; whether recent Tor is generating
private v2 keys which are not to specification, or whether (as suggested in
old threads elsewhere[1]) perhaps PyCrypto is just too old/busted and needs
updating or replacing.

Assuming that the dependencies I've pulled in via my OnionBalance install
are up-to-date, though, this suggests that maybe STEM and therefore
presumably also several other tools would be afflicted, though I don't know
to what extent.

Has anyone else seen this, please?

    -a

[1] http://lists.gnu.org/archive/html/guix-devel/2016-12/msg01007.html

-- 
http://dropsafe.crypticide.com/aboutalecm


More information about the tor-talk mailing list