Opened 2 years ago

Closed 2 years ago

#2339 closed defect (fixed)

my tunnels signature set to SHA-1 and can not be change

Reported by: anonymous maybe Owned by: zzz
Priority: maintenance Milestone: undecided
Component: apps/console Version: 0.9.37
Keywords: Cc:
Parent Tickets: Sensitive: no


i just surprisingly discovered that my tunnels set to SHA-1 , and what else i dont understand is that i cant even change the option anywhere. Like the graphics broken or something.

this for sure a bug, but how to make that happen from i2p option or cli command?

another question would be , why allowing less secure hashes? why not all the routers using the best encryption option exist?

level set to major as its dangerous of why it happen and also can not be changed.


Change History (6)

comment:1 Changed 2 years ago by Eche|on

Component: apps/i2ptunnelapps/console
Owner: set to zzz
Priority: majormaintenance

comment:2 Changed 2 years ago by Eche|on

As the change of signature from SHA-1 to other functions will change the destination, it still needs SHA-1 to reach older destinations.
Thats what the SHA-1 tunnels are for.

comment:3 Changed 2 years ago by Eche|on

Resolution: not a bug
Status: newclosed

comment:4 Changed 2 years ago by anonymous maybe

Resolution: not a bug
Status: closedreopened

comment:5 Changed 2 years ago by anonymous maybe

what kind of a solution to the problem is that?

forcing my router to use insecure signature = horrible privacy.

the force itself is bad, because you dont force ppl to use the old shitty routers out there. it must be optional to the user will if he want to support that or not.

comment:6 Changed 2 years ago by Eche|on

Resolution: fixed
Status: reopenedclosed

That is a working solution which will not render all services setup before the change to new hash system useless and dead.
You can read a lot about this on zzz.i2p and other ressources. But you need the SHA-1 hash to use the old services, which are distributed all across I2P routers addressbooks and cannot be changed.
Removing all old services is a complete new start of I2P and a bigger incompatibility which is not the goal of I2P if it can be prohibited in a good way.
Also, if you read the docs, it describes the SHA-1 is only for the destination in first contact and in further communication it is/may change, depending on the router version you do use.
Also new destinations can be created with other hash systems, but that may render it unreachable for older I2P versions.

Note: See TracTickets for help on using tickets.