DH loss of entropy
Opened 7 years ago
Last modified 2 years ago
#1112 open defect
Reported by: zzz
Owned by: zzz
Priority: minor
Milestone:
Component: router/transport
Version: 0.9.8.1
Keywords: privacy anonymity
Cc:
Parent Tickets:
Sensitive: no
Description
DHSessionKeyBuilder has a bug present since the beginning that loses 8 of the 256 bits of entropy half the time, due to conversion in Java BigInteger.toByteArray().
It isn't clear how to fix this in a backwards-compatible way, if it is even possible. We will probably need to add protocol version info in both the NTCP and SSU handshake, together with passing the far-end router version from the netdb to the method.
Any NTCP change should be combined with the handshake obfuscation.
refs:
http://stackoverflow.com/questions/17841662/i2p-session-key-generation-suspected-to-leak
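
The effect described in this ticket can be reproduced with the following added example, which is not I2P's code. It assumes the session key is taken as the first 32 bytes of `BigInteger.toByteArray()` and that the DH modulus is 2048 bits; the class and method names are hypothetical and the inputs are constructed random values.

```java
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.Arrays;

public class DhKeyBytesDemo {
    static final int KEY_LEN = 32;     // 256-bit session key, as in the ticket
    static final int MOD_BYTES = 256;  // assumption: 2048-bit DH modulus

    // Assumed shape of the lossy step: key = first 32 bytes of toByteArray().
    // toByteArray() is two's complement, so a value whose top bit is set
    // gets an extra leading 0x00 sign byte, which becomes key byte 0.
    static byte[] keyFromSignedBytes(BigInteger shared) {
        return Arrays.copyOf(shared.toByteArray(), KEY_LEN);
    }

    // Contrast: encode as fixed-width unsigned big-endian first, so the
    // sign byte never reaches the key material.
    static byte[] keyFromUnsignedBytes(BigInteger shared) {
        byte[] raw = shared.toByteArray();
        byte[] fixed = new byte[MOD_BYTES];
        int skip = Math.max(0, raw.length - MOD_BYTES); // drop sign byte
        int len = raw.length - skip;
        System.arraycopy(raw, skip, fixed, MOD_BYTES - len, len);
        return Arrays.copyOf(fixed, KEY_LEN);
    }

    public static void main(String[] args) {
        SecureRandom rnd = new SecureRandom();
        int trials = 20000, signedZero = 0, unsignedZero = 0;
        for (int i = 0; i < trials; i++) {
            // Constructed input: uniform 2048-bit value standing in for
            // a DH shared secret.
            BigInteger shared = new BigInteger(MOD_BYTES * 8, rnd);
            if (keyFromSignedBytes(shared)[0] == 0) signedZero++;
            if (keyFromUnsignedBytes(shared)[0] == 0) unsignedZero++;
        }
        System.out.printf("first key byte is 0x00: signed=%.1f%%, unsigned=%.1f%%%n",
                100.0 * signedZero / trials, 100.0 * unsignedZero / trials);
    }
}
```

Both ends of a handshake must derive the key from the same byte encoding, so changing the encoding on one side only produces mismatched keys, which is the compatibility concern raised in the description.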