Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2020-06-13T14:39:06Zhttps://gitlab.torproject.org/legacy/trac/-/issues/13243Password hashing unit tests are too slow2020-06-13T14:39:06ZNick MathewsonPassword hashing unit tests are too slowThe scrypt and pbkdf2 and pwbox tests I added for #12981 seem to run a bit slow. Running slow is kind of the point of a password hashing scheme, but slow unit tests are anathema.
We could make these tests (or the slower versions of th...The scrypt and pbkdf2 and pwbox tests I added for #12981 seem to run a bit slow. Running slow is kind of the point of a password hashing scheme, but slow unit tests are anathema.
We could make these tests (or the slower versions of them) off-by-default using the TT_OFF_BY_DEFAULT flag, I guess. But is that wise?Tor: 0.2.6.x-finalhttps://gitlab.torproject.org/legacy/trac/-/issues/12981Add backends for encrypted storage, scrypt2020-06-13T14:38:10ZNick MathewsonAdd backends for encrypted storage, scryptWe need an encrypted storage format for private keys that is better than openssl's armor, once we start storing ed25519 private keys (optionally encrypted).
We should also use a better passphrase-based-key-derivation function than we ha...We need an encrypted storage format for private keys that is better than openssl's armor, once we start storing ed25519 private keys (optionally encrypted).
We should also use a better passphrase-based-key-derivation function than we have now. scrypt isn't my favorite, but until the PHC is done, it's probably a good choice.
Once those are in, we can use scrypt in place of our current openpgp RFC2440 password-to-key function.Tor: 0.2.6.x-finalhttps://gitlab.torproject.org/legacy/trac/-/issues/9982Use a better password-based KDF for controller passwords, authority identity ...2020-06-13T14:32:41ZNick MathewsonUse a better password-based KDF for controller passwords, authority identity key encryption, and moreWith the ed25519 key transition, we'll want to start bringing offline identity keys to regular relay operators (and ideally hidden service operators too somehow, if we can figure out a non-stupid way for it to interact with #8106).
As w...With the ed25519 key transition, we'll want to start bringing offline identity keys to regular relay operators (and ideally hidden service operators too somehow, if we can figure out a non-stupid way for it to interact with #8106).
As we do this, we'll want a better password-based KDF. Right now we have the very silly "NID_pbe_WithSHA1And3_Key_TripleDES_CBC" for protecting authority keys, and the very silly OpenPGP KDF for hashing controller passwords. Let's do something from the 21st century.
This is a bikeshed discussion. I nominate: "Derive keys with scrypt-jane, with salsa20/8 and SHA512."Tor: unspecified