Opened 4 weeks ago

Closed 3 weeks ago

#2600 closed defect (wontfix)

Use only strong signature/s in tunnels

Reported by: anonymous maybe Owned by:
Priority: major Milestone: undecided
Component: apps/i2ptunnel Version: 0.9.41
Keywords: Cc:
Parent Tickets: Sensitive: no

Description (last modified by anonymous maybe)

almost all of the signatures having issues:

  • DSA-SHA1 = Weak and broken

https://en.wikipedia.org/wiki/SHA-1#Attacks

  • ECDSA = broken against quantum computers,Corrupted by the NSA:

https://csrc.nist.gov/csrc/media/publications/nistir/8105/final/documents/nistir_8105_draft.pdf

https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm#Security

  • ed25519-SHA512: has known attacks already mentioned for replacement:

https://geti2p.net/spec/proposals/148-eddsa-blake2b-ed25519

Subtickets

Change History (6)

comment:1 Changed 4 weeks ago by anonymous maybe

Description: modified (diff)

comment:2 Changed 3 weeks ago by zzz

Status: newinfoneeded_new

What's the bug, what are you asking for?

comment:3 Changed 3 weeks ago by anonymous maybe

Status: infoneeded_newnew

In this page:

https://geti2p.net/spec/cryptography#new_signature_algorithms

The current supported signature types are as follows:

    DSA-SHA1
    ECDSA-SHA256-P256
    ECDSA-SHA384-P384
    ECDSA-SHA512-P521
    EdDSA-SHA512-Ed25519 (as of release 0.9.15)
    RedDSA-SHA512-Ed25519 (as of release 0.9.39)

i have listed some of them having issues according to the main report so i wonder why to use weak or broken or reported to be theoretically broken algorithms? isnt this a bug or im getting something wrong?

Why not unifying the usage of using only strong,secure ones?

ThX!

comment:4 Changed 3 weeks ago by zzz

for backwards-compatibility you may wish to choose something other than the default. The option is near the bottom under "advanced settings". What do you mean by "unify"? We can't combine two signature types. Again, what are you asking for?

comment:5 Changed 3 weeks ago by anonymous maybe

aha so you like to keep the support for backwards. Sorry i maybe wasnt clear , i meant by unifying not to merge or combine 2 but to remove old and keep new.

But since you mentioned older versions compatibility , this wont happen or at least any time soon.


comment:6 Changed 3 weeks ago by anonymous maybe

Resolution: wontfix
Status: newclosed
Note: See TracTickets for help on using tickets.