[Nym3-devel] SIG size for control messages sent to the nymserver.
Laurent Fousse
laurent at komite.net
Mon Apr 11 12:24:42 CEST 2005
Hi Nick,
* Nick Mathewson [2005-04-10]:
> > (1) force the key size to 2048 bits,
> > (2) zero-pad the 128 octets signature to get a 256 octets signature,
> > (3) add one leading octet that gives the signature length.
> >
> > I'm not really in favour of (3), and the key generation time might
> > bother users of slow machines for a forced 2048 bits keysize.
>
> I'd favor (1) myself as the easiest option; 1024-bit keys just seem
> too small these days.
Yes. It just makes testing the account creation longer when using 2048
bits keys.
> But another option is to put the SIG part of
> the message header _after_ the NL and NYM fields, so the server knows
> which key to use and how long it is. We don't need to worry about
> those fields being unsigned---if they are altered, the signature won't
> be correct unless the signature is altered too, which is impossible
> without the correct private key.
>
> How does that sound?
Good, except for the particular case we are facing now (account
creation) where the nym field is empty, and the server doesn't know in
advance the key size. So maybe forced 2048 keysize is best for
simplicity and from the anonymity POV. I'll write patches for
nym-spec.txt summarizing our recent discussion about keysize and
proof-of-work, post them there for review and commit them to the tree
after that.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.noreply.org/pipermail/nym3-devel/attachments/20050411/832384ee/attachment.pgp
More information about the Nym3-devel
mailing list