Changes between Version 65 and Version 66 of Crypto/CurrentSpecs


Ignore:
Timestamp:
Feb 5, 2013 9:06:18 PM (6 years ago)
Author:
zzz
Comment:

add tunnel encryption, signing revocation, strategy, more links

Legend:

Unmodified
Added
Removed
Modified
  • Crypto/CurrentSpecs

    v65 v66  
    66
    77|| '''Cipher''' || '''Used lengths''' || '''Security''' || '''Comments'''||
    8 || AES-CBC [8] || 256 || Good [5] ||  A good choice due to common support for hardware acceleration??? Really? We don't support hardware acceleration. Never used alone, always with ElG+SessionTag [8] Notes about padding in [8] are incorrect and to be fixed (see trac ticket) ||
     8|| AES-CBC [8] || 256 || Good [5] ||  See [8] for p/q/g. A good choice due to common support for hardware acceleration??? Really? We don't support hardware acceleration. Never used alone, always with ElG+SessionTag [8] Notes about padding in [8] are incorrect and to be fixed (see trac ticket) ||
    99
    1010=== Asymmetric ===
    1111
    1212|| '''Cipher''' || '''Used lengths''' || '''Security''' || '''Comments'''||
    13 || !ElGamal [8] || 2048 || >Poor [5]???|| We use "short exponent" [8] ||
     13|| !ElGamal [8] || 2048 || >Poor [5]???|| We use "short exponent" [8]. See [8] for prime. ||
    1414
    1515=== MAC ===
     
    2525
    2626|| '''Cipher''' || '''Used lengths''' || '''Security''' || '''Comments'''||
    27 || DH [8] || 2048 ||  ||  Both NTCP and SSU ||
     27|| DH [8] || 2048 ||  ||  Both NTCP and SSU. Uses same prime as ElG [8] ||
    2828
    2929=== Signatures ===
    3030
    3131|| '''Cipher''' || '''Used lengths''' || '''Security''' || '''Comments'''||
    32 || DSA [8] || 1024 || Poor [5] || We use DSA for all signatures. We do not use ElG as it was deemed too slow. That's why every Dest and RI has two keys, one for crypto and one for signing. ||
     32|| DSA [8] || 1024 || Poor [5] [10] || We use DSA for all signatures. We do not use ElG as it was deemed too slow. That's why every Dest and RI has two keys, one for crypto and one for signing. Note that we do not support signing key revocation for anything. ||
     33
     34
    3335
    3436
     
    5153|| NTCP Transport encryption [8] || AES ||  ||  ||   ||
    5254|| SSU Transport encryption [8] || AES ||  ||  || With nonstandard HMAC-MD5-128 [8]   ||
     55|| Tunnel encryption hop-by-hop [9] || AES ||  ||  || See [9] for details   ||
    5356|| Hashes [8] || SHA-256 ||  ||  || Used as the netdb keys and would be very disruptive to change [8]   ||
    5457
     
    8992|| CBC-MAC-EMAC || Good [5] || ||  ||
    9093
     94=== Strategy ===
     95
     96At first glance, current signing algo (DSA) is the weakest, and signing is far easier to understand and analyze than crypto, so it's probably a good place to start. [8] [10]
     97
     98
    9199[[BR]][[BR]]
    92100[1] http://www.cryptopp.com/benchmarks.html [[BR]]
     
    98106[7] http://en.wikipedia.org/wiki/RIPEMD - Citation needed [[BR]]
    99107[8] http://www.i2p2.i2p/how_cryptography and see more references there [[BR]]
     108[9] http://www.i2p2.i2p/tunnel-alt.html tunnel encryption [[BR]]
     109[10] http://zzz.i2p/topics/715 DSA replacement [[BR]]