Opened 7 years ago

Last modified 18 months ago

#1112 open defect

DH loss of entropy

Reported by: zzz Owned by: zzz
Priority: minor Milestone:
Component: router/transport Version:
Keywords: privacy anonymity Cc:
Parent Tickets: Sensitive: no


DHSessionKeyBuilder has a bug present since the beginning that loses 8 of the 256 bits of entropy half the time, due to conversion in Java BigInteger?.toByteArray().

It isn't clear how to fix this in a backwards-compatible way, if it is even possible. We will probably need to add protocol version info in both the NTCP and SSU handshake, together with passing the far-end router version from the netdb to the method.

Any NTCP change should be combined with the handshake obfuscation.



#1240: Investigate alternate DH implementationsclosedzzz

Change History (6)

comment:1 Changed 7 years ago by zzz

See ancient branch i2p.i2p.zzz.obfusc ntcp/ for preliminary implementation of obfuscation + versioning. Documented in http://zzz.i2p/files/ntcp-new.html . Needs to be brought back to life and reviewed.

However since the first message contains the DH, the version info there isn't sufficient, need an indicator in the netdb, or use the router version, or both.

comment:2 Changed 7 years ago by zzz

Start of NTCP version 2 discussion at http://zzz.i2p/topics/1577

comment:3 Changed 6 years ago by str4d

Keywords: privacy anonymity added
Milestone: 0.9.12

comment:4 Changed 5 years ago by zzz

Add a subticket #1240.

comment:5 Changed 5 years ago by str4d

Status: newopen

comment:6 Changed 18 months ago by zzz

this was fixed in NTCP2. Any SSU fixes would be in SSU2.

Note: See TracTickets for help on using tickets.