Opened 4 months ago

Closed 4 months ago

#2339 closed defect (fixed)

my tunnels signature set to SHA-1 and can not be change

Reported by: anonymous maybe Owned by: zzz
Priority: maintenance Milestone: undecided
Component: apps/console Version: 0.9.37
Keywords: Cc:
Parent Tickets:

Description

i just surprisingly discovered that my tunnels set to SHA-1 , and what else i dont understand is that i cant even change the option anywhere. Like the graphics broken or something.

this for sure a bug, but how to make that happen from i2p option or cli command?

another question would be , why allowing less secure hashes? why not all the routers using the best encryption option exist?

level set to major as its dangerous of why it happen and also can not be changed.

Subtickets

Change History (6)

comment:1 Changed 4 months ago by echelon

  • Component changed from apps/i2ptunnel to apps/console
  • Owner set to zzz
  • Priority changed from major to maintenance

comment:2 Changed 4 months ago by echelon

As the change of signature from SHA-1 to other functions will change the destination, it still needs SHA-1 to reach older destinations.
Thats what the SHA-1 tunnels are for.

comment:3 Changed 4 months ago by echelon

  • Resolution set to not a bug
  • Status changed from new to closed

comment:4 Changed 4 months ago by anonymous maybe

  • Resolution not a bug deleted
  • Status changed from closed to reopened

comment:5 Changed 4 months ago by anonymous maybe

what kind of a solution to the problem is that?

forcing my router to use insecure signature = horrible privacy.

the force itself is bad, because you dont force ppl to use the old shitty routers out there. it must be optional to the user will if he want to support that or not.

comment:6 Changed 4 months ago by echelon

  • Resolution set to fixed
  • Status changed from reopened to closed

That is a working solution which will not render all services setup before the change to new hash system useless and dead.
You can read a lot about this on zzz.i2p and other ressources. But you need the SHA-1 hash to use the old services, which are distributed all across I2P routers addressbooks and cannot be changed.
Removing all old services is a complete new start of I2P and a bigger incompatibility which is not the goal of I2P if it can be prohibited in a good way.
Also, if you read the docs, it describes the SHA-1 is only for the destination in first contact and in further communication it is/may change, depending on the router version you do use.
Also new destinations can be created with other hash systems, but that may render it unreachable for older I2P versions.

Note: See TracTickets for help on using tickets.