2

I'm looking for up-to-date information on Tor encryption standards, and I can't seem to find anything newer than 2013.

What encryption algorithms does Tor use?

What is the reasoning behind keeping hidden service onion RSA keys at 1024 length?

Hidden .onion service with 2048 bit (or 4096 bit) RSA private key -- how to host it?

Everything I've been able to find links back to a proposal to move to Ed25519 keys: https://lists.torproject.org/pipermail/tor-dev/2013-August/005259.html

Poking around in my own Tor relay, I found a master public and master secret ed25519 key, along with a signing cert and signing secret key. However, there's also a secret_id_key and a couple of secret_onion* keys that are RSA private keys.

Does Tor 2.7 use Ed25519, or 1024-bit RSA? Why are there 2 kinds of keys? How secure is Ed25519 compared to 1024-bit or 2048-bit RSA?

Thanks in advance,

Tristan

SuperSluether

1 Answer

1

The two keys are not substitutes for each other; they make "an authenticating pair", unique for every relay. 1024-bit-only RSA is an anachronism. I hope higher lengths will be added ASAP in light of the actual start of the quantum computing era and the first really working applications that are working/starting to work nowadays. I wonder what they are trying to crack ;) Different algos for different keys is actually a good approach: it's harder to crack multiple algos than one. Even if RSA1024 is owned, ed25519 will still be a problem for an attacker. A good crypto-related spec is the official one, so take some time and read it thoroughly - I myself misunderstood it after a first quick reading.

About comparisons: RSA vs EC is a well-compared subject. I leave it to some mathematical Googling: it's too broad to just point to some pieces of research without mentioning others.

Feel free to ask further questions - I'm glad to help!

You're welcome,

Alexey

Alexey Vesnin
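The mix of key files described in the question (RSA PEM keys such as `secret_id_key` next to Ed25519 files) can be told apart and sized mechanically. The following is an added example, not part of either post: it assumes the RSA files are PKCS#1 `RSA PRIVATE KEY` PEM blocks and that Tor's Ed25519 files begin with a 32-byte tag of the form `== ed25519v1-secret: type0 ==` padded with NUL bytes. The function names and sample inputs are constructed for illustration.

```python
import base64
import re

# Assumed 32-byte tag at the start of Tor's Ed25519 key and cert files.
ED_TAG = re.compile(rb"== ed25519v1-(secret|public|cert): \w+ ==\x00*")

def _der_len(buf, i):
    """Decode the DER length at buf[i]; return (length, index after it)."""
    if buf[i] < 0x80:
        return buf[i], i + 1
    n = buf[i] & 0x7F
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def rsa_modulus_bits(pem):
    """Bit length of the modulus in a PKCS#1 'RSA PRIVATE KEY' PEM block."""
    body = b"".join(ln for ln in pem.splitlines() if not ln.startswith(b"-----"))
    der = base64.b64decode(body)
    if der[:1] != b"\x30":
        raise ValueError("not a DER SEQUENCE")
    _, i = _der_len(der, 1)
    for field in ("version", "modulus"):  # the first two INTEGERs
        if der[i] != 0x02:
            raise ValueError(f"{field}: expected INTEGER")
        n, i = _der_len(der, i + 1)
        value, i = der[i:i + n], i + n
    return int.from_bytes(value, "big").bit_length()

def classify(data):
    """Label one key file's contents by algorithm (and RSA modulus size)."""
    if data.startswith(b"-----BEGIN RSA PRIVATE KEY-----"):
        return f"RSA-{rsa_modulus_bits(data)}"
    m = ED_TAG.fullmatch(data[:32])
    return f"Ed25519 {m.group(1).decode()}" if m else "unknown"

# --- constructed sample inputs: structural stand-ins, not usable keys ---
def _tlv(tag, body):
    n, k = len(body), (len(body).bit_length() + 7) // 8
    ln = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + ln + body

def _int(n):
    return _tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def sample_rsa_pem(bits):
    der = _tlv(0x30, _int(0) + _int((1 << (bits - 1)) | 1) + _int(65537))
    return (b"-----BEGIN RSA PRIVATE KEY-----\n" + base64.encodebytes(der)
            + b"-----END RSA PRIVATE KEY-----\n")

SAMPLE_ED_SECRET = b"== ed25519v1-secret: type0 ==".ljust(32, b"\0") + bytes(64)
```

To audit a real relay, pass the bytes of each file in its `keys` directory to `classify()`; the script only reads the file header and the modulus length and never prints key material.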