Opened 10 years ago

Last modified 7 years ago

#1114 closed defect (Fixed)

DH key warn message

Reported by: dragonfly
Owned by:
Priority: Low
Milestone:
Component: Core Tor/Tor
Version: 0.2.2.3-alpha
Severity:
Keywords:
Cc: karsten, Sebastian, nickm
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Hello,

Got these warnings on Debian Etch with Tor 0.2.0.35:

Sep 19 06:00:09.581 [warn] DH key must be at least 2.
Sep 19 06:00:09.581 [warn] Rejecting insecure DH key [0]
Sep 19 06:00:09.581 [warn] Rejected invalid g^x
Sep 21 08:25:16.213 [warn] DH key must be at least 2.
Sep 21 08:25:16.213 [warn] Rejecting insecure DH key [0]
Sep 21 08:25:16.213 [warn] Rejected invalid g^x
Sep 24 05:22:43.076 [warn] DH key must be at least 2.
Sep 24 05:22:43.077 [warn] Rejecting insecure DH key [0]
Sep 24 05:22:43.077 [warn] Rejected invalid g^x
Sep 27 15:15:39.650 [warn] DH key must be at least 2.
Sep 27 15:15:39.650 [warn] Rejecting insecure DH key [0]
Sep 27 15:15:39.650 [warn] Rejected invalid g^x
Sep 28 09:13:31.569 [warn] DH key must be at least 2.
Sep 28 09:13:31.569 [warn] Rejecting insecure DH key [0]
Sep 28 09:13:31.569 [warn] Rejected invalid g^x
Sep 28 12:13:14.071 [warn] DH key must be at least 2.
Sep 28 12:13:14.071 [warn] Rejecting insecure DH key [0]
Sep 28 12:13:14.071 [warn] Rejected invalid g^x
Sep 28 19:41:23.658 [warn] DH key must be at least 2.
Sep 28 19:41:23.659 [warn] Rejecting insecure DH key [0]
Sep 28 19:41:23.659 [warn] Rejected invalid g^x

And also on Debian Lenny with Tor 0.2.2.3-alpha:

Sep 30 07:50:05.236 [warn] DH key must be at least 2.
Sep 30 07:50:05.236 [warn] Rejecting insecure DH key [0]
Sep 30 07:50:05.236 [warn] Rejected invalid g^x
Oct 06 02:51:08.319 [warn] DH key must be at least 2.
Oct 06 02:51:08.319 [warn] Rejecting insecure DH key [0]
Oct 06 02:51:08.319 [warn] Rejected invalid g^x

Anyone else seeing them?

[Automatically added by flyspray2trac: Operating System: Other Linux]

Change History (5)

comment:1 Changed 10 years ago by Sebastian

Yup, got the same warnings yesterday. Nothing else, though.

comment:2 Changed 10 years ago by nickm

Looks like somebody is either

a) attempting to attack any Tor servers still running version 0.1.0.12 or earlier (not likely!)

or b) trying to write a Tor client but doing it wrong.

I'd say that (b) is way more likely, since the attack doesn't work against any version of Tor that is still running.

This should probably be at LOG_PROTOCOL_WARN level, so that it doesn't fill people's logs.

comment:3 Changed 10 years ago by karsten

The most plausible explanation for someone sending us weak DH keys is that
they experiment with their Tor code or implement a new Tor client. Usually,
we don't care about such events, especially not on warn level. I reduced
the log level to LOG_PROTOCOL_WARN, so that these messages will be logged
on info level unless someone sets ProtocolWarnings to 1.
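
The range check behind the three warnings in the description, together with the severity choice discussed in comments 2 and 3, as an added example in C (not Tor's code and not written by anyone on this ticket). All function names, result codes and the small sample modulus are hypothetical; the upper bound p-2 is the standard companion to the "at least 2" check and does not appear on this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* All names here are hypothetical; this is not Tor's code. */
enum dh_check { DH_OK, DH_TOO_SMALL, DH_TOO_LARGE };
enum severity { SEV_INFO, SEV_WARN };

/* Constructed sample modulus: p = 65537 (real DH moduli are far larger). */
const uint8_t SAMPLE_P[] = { 0x01, 0x00, 0x01 };

/* Compare two big-endian unsigned integers, ignoring leading zero bytes. */
static int be_cmp(const uint8_t *a, size_t alen, const uint8_t *b, size_t blen)
{
    while (alen && *a == 0) { a++; alen--; }
    while (blen && *b == 0) { b++; blen--; }
    if (alen != blen) return alen < blen ? -1 : 1;
    return alen ? memcmp(a, b, alen) : 0;
}

/* out = p - 2 (big-endian, plen bytes). Returns -1 if p < 2. */
static int be_sub2(const uint8_t *p, size_t plen, uint8_t *out)
{
    unsigned borrow = 2;
    memcpy(out, p, plen);
    for (size_t i = plen; borrow && i-- > 0; ) {
        if (out[i] >= borrow) { out[i] = (uint8_t)(out[i] - borrow); borrow = 0; }
        else { out[i] = (uint8_t)(out[i] + 256 - borrow); borrow = 1; }
    }
    return borrow ? -1 : 0;
}

/* Accept a peer's g^x only if 2 <= y <= p-2. The values 0, 1 and p-1 make
 * the shared secret predictable whatever our own private exponent is. */
enum dh_check dh_check_public(const uint8_t *y, size_t ylen,
                              const uint8_t *p, size_t plen)
{
    static const uint8_t two[] = { 2 };
    uint8_t pm2[1024];
    if (be_cmp(y, ylen, two, sizeof two) < 0) return DH_TOO_SMALL;
    /* Fail closed if the modulus is oversized or too small to subtract from. */
    if (plen > sizeof pm2 || be_sub2(p, plen, pm2) < 0) return DH_TOO_LARGE;
    return be_cmp(y, ylen, pm2, plen) > 0 ? DH_TOO_LARGE : DH_OK;
}

/* Severity for peer-caused protocol violations: warn only if the operator
 * opted in (modelled on the ProtocolWarnings option mentioned above). */
enum severity protocol_warn_severity(int protocol_warnings)
{
    return protocol_warnings ? SEV_WARN : SEV_INFO;
}
```

A rejected value is the peer's fault rather than a local misconfiguration, which is why the result is paired with a severity that stays at info unless the operator asks for protocol warnings.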

comment:4 Changed 10 years ago by karsten

flyspray2trac: bug closed.

comment:5 Changed 7 years ago by nickm

Component: Tor Relay → Tor