Changes between Version 70 and Version 71 of Crypto/CurrentSpecs


Ignore:
Timestamp:
Apr 17, 2014 1:18:36 PM (5 years ago)
Author:
str4d
Comment:

Column for which key is used where

Legend:

Unmodified
Added
Removed
Modified
  • Crypto/CurrentSpecs

    v70 v71  
    3737== Cipher usage ==
    3838
    39 || '''Router aspect''' || '''Cipher used''' || '''Security timescale''' ||'''Usage details''' || '''Comments''' ||
    40 || NTCP handshake || DSA || ???|| || see below ||
    41 || SSU handshake || DSA || ??? || || see below ||
    42 || !RouterInfo signing || DSA || Years but... || || Right now there's no limit on RI key lifetime but we could force a regeneration after a certain amount of time, esp. on startup after a long downtime ||
    43 || [wiki:Crypto/leaseset_signing LeaseSet signing] || DSA || Years || 75% verif.? (guesstimation) || ||
    44 || !LeaseSet revocation (unused) || DSA || ??? || || ||
    45 || I2CP Session Config signing || DSA || ??? || || ||
    46 || Datagram signing || DSA || Years and years? || || Or is it the other LS key?  There's multiple keys in a LS, some are in the Dest (i.e. tied to the hosts.txt entry) and some are regenerated at startup. Of course for client tunnels, keys are not persistent, all are regenerated at startup (or on reconnect if so configured in i2ptunnel) ||
    47 || Streaming message signing || DSA || Years and years? || || ditto ||
    48 || SUD signing || DSA || Years and years || 99% verif. || Keys are hardcoded in i2p source, and revokable by removing them. New file format required to change algo, proposal at http://zzz.i2p/topics/1351  ||
    49 || Tunnel Build Messages [8] || ElG || ||  || ||
    50 || NetDB Lookups / Stores [8] || ElG/AES+SessionTag || Years but... ||  || Only some are encrypted [8] Right now there's no limit on RI key lifetime but we could force a regeneration after a certain amount of time ||
    51 || End-to-End Encryption [8] || ElG/AES+SessionTag || ||  ||  ||
    52 || Transport key exchange [8] || DH || ||  ||  Both NTCP and SSU ||
    53 || NTCP Transport encryption [8] || AES || ||  ||   ||
    54 || SSU Transport encryption [8] || AES || ||  || With nonstandard HMAC-MD5-128 [8]   ||
    55 || Tunnel encryption hop-by-hop [9] || AES || ||  || See [9] for details   ||
    56 || Hashes [8] || SHA-256 || ||  || Used as the netdb keys and would be very disruptive to change [8]   ||
     39|| '''Router aspect''' || '''Cipher used''' || '''Key used''' || '''Security timescale''' ||'''Usage details''' || '''Comments''' ||
     40|| NTCP handshake || DSA || RI !SigKey || ???|| || see below ||
     41|| SSU handshake || DSA || RI !SigKey || ??? || || see below ||
     42|| !RouterInfo signing || DSA || RI !SigKey || Years but... || || Right now there's no limit on RI key lifetime but we could force a regeneration after a certain amount of time, esp. on startup after a long downtime ||
     43|| [wiki:Crypto/leaseset_signing LeaseSet signing] || DSA || Dest !SigKey || Years || 75% verif.? (guesstimation) || ||
     44|| !LeaseSet revocation (unused) || DSA || LS !SigKey || ??? || || ||
     45|| I2CP Session Config signing || DSA || || ??? || || ||
     46|| Datagram signing || DSA || || Years and years? || || Or is it the other LS key?  There's multiple keys in a LS, some are in the Dest (i.e. tied to the hosts.txt entry) and some are regenerated at startup. Of course for client tunnels, keys are not persistent, all are regenerated at startup (or on reconnect if so configured in i2ptunnel) ||
     47|| Streaming message signing || DSA || || Years and years? || || ditto ||
     48|| SUD signing || DSA || || Years and years || 99% verif. || Keys are hardcoded in i2p source, and revokable by removing them. New file format required to change algo, proposal at http://zzz.i2p/topics/1351  ||
     49|| Tunnel Build Messages [8] || ElG || RI !EncKey || ||  || ||
     50|| NetDB Lookups / Stores [8] || ElG/AES+SessionTag || || Years but... ||  || Only some are encrypted [8] Right now there's no limit on RI key lifetime but we could force a regeneration after a certain amount of time ||
     51|| End-to-End Encryption [8] || ElG/AES+SessionTag || LS !EncKey || ||  ||  ||
     52|| Transport key exchange [8] || DH || || ||  ||  Both NTCP and SSU ||
     53|| NTCP Transport encryption [8] || AES || DH key || ||  ||   ||
     54|| SSU Transport encryption [8] || AES || DH key || ||  || With nonstandard HMAC-MD5-128 [8]   ||
     55|| Tunnel encryption hop-by-hop [9] || AES || || ||  || See [9] for details   ||
     56|| Hashes [8] || SHA-256 || || ||  || Used as the netdb keys and would be very disruptive to change [8]   ||
    5757
    5858