Opened 5 years ago

Last modified 17 months ago

#9982 new defect

Use a better password-based KDF for controller passwords, authority identity key encryption, and more

Reported by: nickm Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: tor-relay scrypt passphrase tor-dirauth tor-control easy
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

With the ed25519 key transition, we'll want to start bringing offline identity keys to regular relay operators (and ideally hidden service operators too somehow, if we can figure out a non-stupid way for it to interact with #8106).

As we do this, we'll want a better password-based KDF. Right now we have the very silly "NID_pbe_WithSHA1And3_Key_TripleDES_CBC" for protecting authority keys, and the very silly OpenPGP KDF for hashing controller passwords. Let's do something from the 21st century.

This is a bikeshed discussion. I nominate: "Derive keys with scrypt-jane, with salsa20/8 and SHA512."

Child Tickets

Change History (11)

comment:1 Changed 5 years ago by nickm

Milestone: Tor: 0.2.5.x-finalTor: 0.2.6.x-final

comment:2 Changed 4 years ago by nickm

Keywords: 026-triaged-1 026-deferrable added

comment:3 Changed 4 years ago by nickm

See #12981 for implementation of a backend for this.

comment:4 Changed 4 years ago by nickm

Milestone: Tor: 0.2.6.x-finalTor: 0.2.???

Defer some items from 0.2.6. They are mostly worth doing, but not going to happen super-fast.

comment:5 Changed 2 years ago by teor

Milestone: Tor: 0.2.???Tor: 0.3.???

Milestone renamed

comment:6 Changed 23 months ago by nickm

Keywords: tor-03-unspecified-201612 added
Milestone: Tor: 0.3.???Tor: unspecified

Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.

comment:7 Changed 20 months ago by nickm

Severity: Normal

We now include scrypt as an option for file encryption; other passphrase-using stuff could use that too.

comment:8 Changed 17 months ago by nickm

Keywords: tor-03-unspecified-201612 removed

Remove an old triaging keyword.

comment:9 Changed 17 months ago by nickm

Keywords: 026-triaged-1 removed

comment:10 Changed 17 months ago by nickm

Keywords: 026-deferrable removed

comment:11 Changed 17 months ago by nickm

Keywords: scrypt passphrase tor-dirauth tor-control easy added

We now have scrypt support, but it isn't actually used in controller passphrases or authority key encryption passphrases.

Note: See TracTickets for help on using tickets.