On Thu, Apr 4, 2013 at 5:51 AM, Bernard Tyers <ei8...@ei8fdb.org> wrote:
> Hi,
>
> Is there a reason 1024-bit keys, instead of something higher, are not used? Do
> higher bit keys affect host performance, or network latency?

Because in 2003/2004, when we were designing Tor, 1024-bit keys seemed like they would probably be good enough, AND we weren't confident of our ability to support arbitrary key sizes without screwing it up.

But as of 0.2.4, the forward-secrecy[0] parts of Tor[*] now support 256-bit ECC keys, which are probably about as good as 3072-bit RSA/DH keys, and a lot faster for most uses. I'd like to make more of the authentication parts of Tor support ECC over the next couple of releases.

[0] https://en.wikipedia.org/wiki/Perfect_forward_secrecy

[*] Specifically, the ephemeral-key part of the TLS handshake supports P224 or P256 if both Tors were built with a recent OpenSSL version; and the circuit handshake supports the "ntor" protocol with curve25519 if the client has UseNtorHandshake turned on. I want to make that on-by-default before the release.[**]

[**] https://trac.torproject.org/projects/tor/ticket/8561

--
Nick

_______________________________________________
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
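The curve25519 primitive behind the "ntor" circuit handshake mentioned above, as an added example that is not Tor's code and not part of the original thread: a pure-Python X25519 (RFC 7748) scalar multiplication, plus an ephemeral exchange in which both sides derive the same 32-byte secret from throwaway keys. The branching swap is for readability only and is not constant-time.

```python
import secrets

# Constructed example: X25519 per RFC 7748, the curve25519 operation that
# Tor's "ntor" handshake builds on. The branching swap is NOT constant-time.
P = 2**255 - 19
A24 = 121665  # (486662 - 2) / 4 for curve25519's Montgomery form
BASEPOINT = (9).to_bytes(32, "little")

def _clamp(k: bytes) -> int:
    # Clear the low 3 bits (cofactor) and bit 255, set bit 254.
    b = bytearray(k)
    b[0] &= 248
    b[31] = (b[31] & 127) | 64
    return int.from_bytes(b, "little")

def x25519(k: bytes, u: bytes) -> bytes:
    """Montgomery ladder: u-coordinate of k*U as 32 little-endian bytes."""
    k = _clamp(k)
    x1 = int.from_bytes(bytes(u[:31]) + bytes([u[31] & 127]), "little") % P
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        if swap ^ kt:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def keypair() -> tuple[bytes, bytes]:
    """Fresh ephemeral key; discarding it after use is what gives forward secrecy."""
    priv = secrets.token_bytes(32)
    return priv, x25519(priv, BASEPOINT)

def ephemeral_exchange() -> bool:
    """Two fresh ephemeral keypairs agree on one shared 32-byte secret."""
    c_priv, c_pub = keypair()  # client side
    r_priv, r_pub = keypair()  # relay side
    return x25519(c_priv, r_pub) == x25519(r_priv, c_pub)
```

The RFC 7748 section 6.1 test vectors can be used to confirm the ladder is correct before trusting the exchange.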