Opened 5 years ago

Closed 12 months ago

#1315 closed task (wontfix)

Use of Authenticated Encryption

Reported by: ExtraBattery Owned by: zzz
Priority: maintenance Milestone: n/a
Component: router/transport Version: 0.9.13
Keywords: Cc:
Parent Tickets: #856, #2199

Description

In https://geti2p.net/en/docs/how/cryptography it states that: "SSU (the UDP transport) encrypts each packet with AES256/CBC with both an explicit IV and MAC (HMAC-MD5-128) ..."

Isn't MD-5 completely outdated? So even if an HMAC is used, shouldn't the hash algorithm be changed back to SHA-256 for security?

Even better, AES-GCM (authenticated encryption) might be used, which would probably also perform better than encrypting with AES and then hashing with MD-5. Steve Gibson has recently released a nice C implementation of AES-GCM into the public domain, including test vectors. It could be ported to Java and then used throughout the I2P router, possibly reducing packet size and at the same time increasing security.

https://www.grc.com/sqrl/resources.htm

Just saying.
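An added example (not part of the original ticket and not I2P's code) contrasting the two constructions discussed in the description, using the standard Java JCE: AES-256-CBC with an explicit IV and a 16-byte HMAC-MD5 tag, versus AES-256-GCM. The packet layouts, class name and method names are assumptions for illustration and are not SSU's wire format.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.security.*;
import java.util.Arrays;

public class PacketAuthDemo {
    static final SecureRandom RNG = new SecureRandom();

    // HMAC-MD5 over IV || ciphertext, i.e. everything after the 16-byte MAC field.
    static byte[] tag(byte[] macKey, byte[] pkt) throws Exception {
        Mac mac = Mac.getInstance("HmacMD5");
        mac.init(new SecretKeySpec(macKey, "HmacMD5"));
        mac.update(pkt, 16, pkt.length - 16);
        return mac.doFinal();
    }

    // Encrypt-then-MAC, assumed layout: MAC(16) || IV(16) || AES-256-CBC ciphertext.
    static byte[] sealCbcHmac(byte[] encKey, byte[] macKey, byte[] pt) throws Exception {
        byte[] iv = new byte[16];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(encKey, "AES"), new IvParameterSpec(iv));
        byte[] ct = c.doFinal(pt);
        byte[] pkt = new byte[32 + ct.length];
        System.arraycopy(iv, 0, pkt, 16, 16);
        System.arraycopy(ct, 0, pkt, 32, ct.length);
        System.arraycopy(tag(macKey, pkt), 0, pkt, 0, 16);
        return pkt;
    }

    // Receiver side: compare the MAC in constant time before decrypting anything.
    static boolean macOk(byte[] macKey, byte[] pkt) throws Exception {
        return MessageDigest.isEqual(tag(macKey, pkt), Arrays.copyOfRange(pkt, 0, 16));
    }
    // AEAD with a single key; on the wire this would be nonce(12) || ciphertext || tag(16).
    static byte[] gcm(int mode, byte[] key, byte[] nonce, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, nonce));
        return c.doFinal(in); // decrypt throws AEADBadTagException if anything was modified
    }
    public static void main(String[] args) throws Exception {
        byte[] k1 = new byte[32], k2 = new byte[32], nonce = new byte[12], pt = new byte[100];
        RNG.nextBytes(k1); RNG.nextBytes(k2); RNG.nextBytes(nonce); // constructed keys, zero payload
        byte[] a = sealCbcHmac(k1, k2, pt), ct = gcm(Cipher.ENCRYPT_MODE, k1, nonce, pt);
        System.out.println("CBC+HMAC-MD5: " + a.length + " bytes, GCM: " + (12 + ct.length) + " bytes");
        a[40] ^= 1; ct[40] ^= 1; // flip one ciphertext bit in each packet
        System.out.println("tampered CBC packet MAC valid: " + macOk(k2, a));
        try { gcm(Cipher.DECRYPT_MODE, k1, nonce, ct); }
        catch (AEADBadTagException e) { System.out.println("tampered GCM packet rejected"); }
    }
}
```

The size difference printed here comes from the shorter GCM nonce and the absence of CBC block padding; a GCM nonce must never repeat under the same key.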

Subtickets

Change History (4)

comment:1 Changed 5 years ago by zzz

  • Component changed from unspecified to router/transport
  • Owner set to zzz
  • Parent Tickets set to 856

Sure, but lower priority than some other crypto migration, and an incompatible change. See links in parent ticket #856.

Security depends on many factors, including the lifetime the hash is used for, other encryption used in combination, etc.

So there's more to the story than just "MD5 = bad, panic".

comment:2 Changed 5 years ago by ExtraBattery

MD5 = bad, panic
HMAC-MD5 = no practical attack known

It's non-standard, yet Tiger performs (on x64) nearly as well as MD5. BLAKE2 is faster than MD5. SHA3-256 is faster than SHA-256.

comment:3 Changed 14 months ago by zzz

  • Parent Tickets changed from 856 to 856, 2199

comment:4 Changed 12 months ago by zzz

  • Milestone set to n/a
  • Resolution set to wontfix
  • Status changed from new to closed

NTCP2 will use ChaCha20/Poly1305. See #2199 and proposal 111. Any replacement for SSU and its HMAC-MD5 isn't even in the proposal stage yet and is a year or more away, but we would certainly be informed by the decisions made for NTCP2. Closing this for now so we may close #2199.
