Opened 5 years ago

Last modified 3 years ago

#1112 open defect

DH loss of entropy

Reported by: zzz Owned by: zzz
Priority: minor Milestone:
Component: router/transport Version: 0.9.8.1
Keywords: privacy anonymity Cc:
Parent Tickets:

Description

DHSessionKeyBuilder has a bug present since the beginning that loses 8 of the 256 bits of entropy half the time, due to conversion in Java BigInteger?.toByteArray().

It isn't clear how to fix this in a backwards-compatible way, if it is even possible. We will probably need to add protocol version info in both the NTCP and SSU handshake, together with passing the far-end router version from the netdb to the method.

Any NTCP change should be combined with the handshake obfuscation.

refs:
#963
http://stackoverflow.com/questions/17841662/i2p-session-key-generation-suspected-to-leak
http://zzz.i2p/topics/774

Subtickets (add)

#1240: Investigate alternate DH implementationstaskclosedzzz

Change History (5)

comment:1 Changed 5 years ago by zzz

See ancient branch i2p.i2p.zzz.obfusc ntcp/EstablishState.java for preliminary implementation of obfuscation + versioning. Documented in http://zzz.i2p/files/ntcp-new.html . Needs to be brought back to life and reviewed.

However since the first message contains the DH, the version info there isn't sufficient, need an indicator in the netdb, or use the router version, or both.

comment:2 Changed 5 years ago by zzz

Start of NTCP version 2 discussion at http://zzz.i2p/topics/1577

comment:3 Changed 4 years ago by str4d

  • Keywords privacy anonymity added
  • Milestone 0.9.12 deleted

comment:4 Changed 3 years ago by zzz

Add a subticket #1240.

comment:5 Changed 3 years ago by str4d

  • Status changed from new to open
Note: See TracTickets for help on using tickets.