
Yes. Tor address is the public key, so nobody but its private key owner can decrypt traffic (or impersonate messages from it). It's actually superior to TLS, because you don't have to trust anyone (but you have to check that address in the URL is correct).

It is, however, only 1024 bit RSA for now.

Can we safely assume that anything 1024 bit RSA is now compromisable given the resources of a federal government?

Anything less than 2048 bit is probably a poor choice these days. NIST recommended that RSA-1024 be considered deprecated for use after 2010.

The trouble with RSA is that you end up needing to increase to pretty large key lengths to have significant increases in security after somewhere around 2048 bits. For example, a 4096 bit key is not really as great as it might first appear.

I might be wrong, but I have a vague recollection that Google went with a 16384 bit RSA key for their root key on Chrome devices. It's not a frequently used key (it's used to sign the signing key that can be updated - the signing key uses weaker and faster algorithms which can be changed in new firmware releases), but it's stored in read-only firmware that can only be updated by physically opening a machine. Given that you probably want the key to be good for somewhere between 5 and 30 years, the uncertainty which exists around quantum computers right now, and the tremendous problems which could occur if this key were to be factored, I can understand why they would choose such an obnoxiously large key length.
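The diminishing returns of longer RSA keys discussed in this thread can be put in numbers. The following is an added example, not part of any comment above: it uses the heuristic cost of the general number field sieve, with the constants from NIST's FIPS 140-2 implementation guidance, to estimate the symmetric-equivalent strength of a modulus size. The function names are this example's own, and the estimate covers classical factoring only, not quantum attacks.

```python
import math


def rsa_strength_bits(modulus_bits: int) -> float:
    """Estimated symmetric-equivalent strength (bits) of an RSA modulus.

    Heuristic: log2 of the GNFS running time for an n-bit modulus,
    with the 1.923 and 4.69 constants from the FIPS 140-2 guidance.
    """
    ln_n = modulus_bits * math.log(2)  # natural log of an n-bit modulus
    work = 1.923 * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) - 4.69
    return work / math.log(2)


def min_modulus_bits(target_strength: float, lo: int = 512, hi: int = 65536) -> int:
    """Smallest modulus size whose estimate reaches target_strength.

    The estimate grows monotonically with size, so binary search works.
    """
    while lo < hi:
        mid = (lo + hi) // 2
        if rsa_strength_bits(mid) >= target_strength:
            hi = mid
        else:
            lo = mid + 1
    return lo


def comparison_table(sizes=(1024, 2048, 4096, 16384)):
    """Rows of (modulus bits, estimated strength, gain over previous row)."""
    rows, prev = [], None
    for bits in sizes:
        strength = rsa_strength_bits(bits)
        gain = None if prev is None else round(strength - prev, 1)
        rows.append((bits, round(strength, 1), gain))
        prev = strength
    return rows


if __name__ == "__main__":
    # Key sizes mentioned in the thread: each doubling buys fewer bits per key bit.
    for bits, strength, gain in comparison_table():
        extra = "" if gain is None else f" (+{gain} over previous)"
        print(f"RSA-{bits:<6} ~{strength:6.1f}-bit strength{extra}")
    # Modulus sizes needed to match common symmetric key strengths.
    for target in (128, 192, 256):
        print(f"{target}-bit strength needs ~{min_modulus_bits(target)}-bit modulus")
```

Under this estimate, doubling the modulus from 2048 to 4096 bits adds only about 40 bits of strength, which is why very large moduli appear only where a key must last for decades.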
