Opened 11 years ago

Closed 10 years ago

#2658 closed Enhancement (fixed)

encryption improvements

Reported by: sadface Owned by: sadface
Priority: Normal Milestone: 1.80
Component: libtransmission Version: 1.76
Severity: Normal Keywords:
Cc:

Description

  1. A bugfix: DH_size() always returns the DH prime size, so public keys that are actually shorter are not padded.
  2. An enhancement: Nowadays libtransmission shares a set of DH keys for all the encrypted handshake connections. Furthermore, the private key is as long as the public key and prime P (768 bit).

The obfuscation protocol specification proposes a safer and faster choice: it suggests using a 160-bit private key and discarding keys after the DH handshake is done. On my system (AMD K8), using a 160-bit private key is ~4x faster than using a 768-bit one, so the new DH handshake (generate keys + compute the secret) is still ~2x faster than the current DH handshake (only compute the secret).

Attachments (1)

encryption_patch.diff (3.3 KB) - added by sadface 11 years ago.
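
An added sketch of the scheme the description proposes (not the attached patch and not libtransmission's code): a fresh 160-bit private key per handshake, public keys sent as fixed 96-byte values, and keys dropped afterwards. The prime and generator are those of the obfuscation (MSE) specification; the function names and the range check on the peer's key are assumptions of this example.

```python
import secrets

# 768-bit prime P and generator G from the obfuscation (MSE) specification.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A63A36210000000000090563", 16)
G = 2
KEY_LEN = 96      # wire size of a public key: 768 bits
PRIV_BITS = 160   # private key size proposed in the ticket


def new_keypair(priv=None):
    """Keypair for ONE handshake; `priv` exists only for the constructed test case."""
    # Top bit forced so the random key is exactly 160 bits (choice made for this example).
    x = priv if priv is not None else secrets.randbits(PRIV_BITS) | (1 << (PRIV_BITS - 1))
    return x, pow(G, x, P)


def to_wire(y):
    """Fixed-width big-endian encoding: short values get leading zero bytes."""
    return y.to_bytes(KEY_LEN, "big")


def to_wire_unpadded(y):
    """Minimal-length encoding, i.e. a short key sent without padding."""
    return y.to_bytes((y.bit_length() + 7) // 8 or 1, "big")


def shared_secret(own_priv, peer_wire):
    if len(peer_wire) != KEY_LEN:
        raise ValueError("public key must be exactly %d bytes" % KEY_LEN)
    y = int.from_bytes(peer_wire, "big")
    if not 1 < y < P - 1:  # range check added for this example, not from the ticket
        raise ValueError("degenerate public key")
    return to_wire(pow(y, own_priv, P))


def handshake():
    """Both ends generate ephemeral keys, derive S, then drop the private keys."""
    xa, ya = new_keypair()
    xb, yb = new_keypair()
    sa = shared_secret(xa, to_wire(yb))
    sb = shared_secret(xb, to_wire(ya))
    del xa, xb  # nothing is kept for the next connection
    return sa, sb
```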


Change History (6)

Changed 11 years ago by sadface

comment:1 Changed 11 years ago by charles

  • Milestone changed from None Set to 1.80
  • Status changed from new to assigned
  • Version changed from 1.76+ to 1.76

comment:2 Changed 11 years ago by charles

  • Owner changed from charles to sadface
  • Status changed from assigned to new

r9724 libtransmission/crypto.c: (trunk libT) #2658 "encryption improvements" - patch by sadface to make DH handshake ~2x faster. yay!

comment:3 Changed 11 years ago by charles

  • Resolution set to fixed
  • Status changed from new to closed

comment:4 Changed 10 years ago by jordan

  • Milestone changed from 1.80 to 2.30
  • Resolution fixed deleted
  • Status changed from closed to reopened

libtorrent-rasterbar has code with a similar intent to this, but its approach is a little simpler: set dh->length instead of dh->priv_key and let OpenSSL do the rest.

comment:5 Changed 10 years ago by jordan

  • Milestone changed from 2.30 to 1.80
  • Resolution set to fixed
  • Status changed from reopened to closed

After looking over the code some more I see there is other code involved in the libtorrent-rasterbar implementation too. The rb code is fine, but it's not the big win over libtransmission's code that I initially thought it was.
