This commit is contained in:
zzz
2011-08-16 16:12:23 +00:00
parent 6e2bd010a0
commit f20a285d5c
2 changed files with 34 additions and 15 deletions

View File

@ -2,7 +2,7 @@
{% block title %}Low-level Cryptography Details{% endblock %} {% block title %}Low-level Cryptography Details{% endblock %}
{% block content %} {% block content %}
<p> <p>
Updated January 2011, current as of router version 0.8.3 Updated August 2011, current as of router version 0.8.7
<p> <p>
This page specifies the low-level details of the cryptography in I2P. This page specifies the low-level details of the cryptography in I2P.
<p> <p>
@ -166,7 +166,7 @@ as a part of <a href="how_elgamalaes">ElGamal/AES+SessionTag</a>
For encryption of <a href="how_tunnelrouting.html#testing">periodic tunnel test messages</a> sent from the router to itself, through its own tunnels. For encryption of <a href="how_tunnelrouting.html#testing">periodic tunnel test messages</a> sent from the router to itself, through its own tunnels.
</li></ul> </li></ul>
</p><p> </p><p>
We use 256 bit AES in CBC mode. We use AES with 256 bit keys and 128 bit blocks in CBC mode.
The padding used is specified in <a href="http://tools.ietf.org/html/rfc2313">IETF RFC-2313 (PKCS#5 1.5, section 8.1 (for block type 02))</a>. The padding used is specified in <a href="http://tools.ietf.org/html/rfc2313">IETF RFC-2313 (PKCS#5 1.5, section 8.1 (for block type 02))</a>.
In this case, padding exists of pseudorandomly generated octets to match 16 byte blocks. In this case, padding exists of pseudorandomly generated octets to match 16 byte blocks.
Specifically, see Specifically, see
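Review bot: the padding citation on the RFC-2313 line mislabels the document. RFC 2313 is PKCS #1 v1.5 (the RSA Encryption Standard), and its section 8.1 block type 02 is the RSA encryption-block format, not PKCS #5. Since the following sentence says the padding "exists of pseudorandomly generated octets to match 16 byte blocks", either relabel the link as "IETF RFC-2313 (PKCS#1 v1.5, section 8.1, block type 02)" or drop the citation and describe the scheme directly as random-octet padding to the 16-byte AES block size; "padding exists of" should also read "padding consists of". While this paragraph is being touched, it is worth stating where the receiver gets the plaintext length from, because random padding carries no length marker of its own and the H(data)/size wrapper that used to document this is commented out by this same commit.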
@ -175,14 +175,12 @@ and the Cryptix AES
<a href="http://trac.i2p2.de/browser/core/java/src/net/i2p/crypto/CryptixRijndael_Algorithm.java?rev=85a542c53d910dffbf34cdcefb8a2faeee96adc4">[implementation]</a>, <a href="http://trac.i2p2.de/browser/core/java/src/net/i2p/crypto/CryptixRijndael_Algorithm.java?rev=85a542c53d910dffbf34cdcefb8a2faeee96adc4">[implementation]</a>,
as well as the padding, found in the as well as the padding, found in the
<a href="http://trac.i2p2.de/browser/core/java/src/net/i2p/crypto/ElGamalAESEngine.java?rev=85a542c53d910dffbf34cdcefb8a2faeee96adc4">ElGamalAESEngine.getPadding</a> function. <a href="http://trac.i2p2.de/browser/core/java/src/net/i2p/crypto/ElGamalAESEngine.java?rev=85a542c53d910dffbf34cdcefb8a2faeee96adc4">ElGamalAESEngine.getPadding</a> function.
<!-- *********************************************************************************
Believe it or not, we don't do this any more. If we ever did. safeEncode() and safeDecode() are unused.
<p> <p>
Two situations are possible: In all cases, we know the size of the data to be sent, and we AES encrypt the following:
<p>
1. For situations where we stream AES data, we still use the same algorithm, as implemented in
<a href="http://trac.i2p2.de/browser/core/java/src/net/i2p/crypto/AESOutputStream.java?rev=85a542c53d910dffbf34cdcefb8a2faeee96adc4">[AESOutputStream]</a>
<a href="http://trac.i2p2.de/browser/core/java/src/net/i2p/crypto/AESInputStream.java?rev=85a542c53d910dffbf34cdcefb8a2faeee96adc4">[AESInputStream]</a>
<p>
2. For situations where we know the size of the data to be sent, we AES encrypt the following:
<p> <p>
<PRE> <PRE>
+----+----+----+----+----+----+----+----+ +----+----+----+----+----+----+----+----+
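Review bot: the "&lt;!--" opened on the marker line before "Believe it or not, we don't do this any more" is only closed by the "--&gt;" in a later hunk, so everything from "Two situations are possible" through the safeEncrypt paragraph vanishes from the rendered page, and the AESOutputStream/AESInputStream references are deleted outright rather than kept inside the comment. If the stream classes are unused too, say so in the comment text; if they are still in use, that paragraph should survive outside the comment. The marker names "safeEncode() and safeDecode()" while the retained paragraph at the end of the commented region names "safeEncrypt and safeDecrypt"; use the one pair of names that actually exists in AESEngine. Note also that the rewritten sentence "In all cases, we know the size of the data to be sent, and we AES encrypt the following:" now sits inside the comment, so the wording change is invisible to readers.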
@ -195,7 +193,7 @@ Two situations are possible:
| | | |
+----+----+----+----+----+----+----+----+ +----+----+----+----+----+----+----+----+
| size | data ... | | size | data ... |
+----+----+ + +----+----+----+----+ +
| | | |
~ ~ ~ ~
| | | |
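Review bot: widening the size box from "+----+----+" to "+----+----+----+----+" is consistent with the "4-byte Integer" change in the next hunk, which is good, but this whole diagram now sits inside the HTML comment opened above it, and runs of "--" inside a comment are a well-known source of validator complaints because SGML treats each "--" pair as a comment delimiter (browsers tolerate it). If the diagram is to stay commented out, consider swapping the "----" filler for "====" or moving this historical spec text into the source tree instead of the rendered page.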
@ -209,7 +207,7 @@ Two situations are possible:
H(data): 32-byte SHA-256 Hash of the data H(data): 32-byte SHA-256 Hash of the data
size: 2-byte Integer, number of data bytes to follow size: 4-byte Integer, number of data bytes to follow
data: payload data: payload
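Review bot: the size field changes from "2-byte Integer" to "4-byte Integer" with nothing to back the correction; the neighbouring links are pinned to rev=85a542c53d910dffbf34cdcefb8a2faeee96adc4, so say that the 4-byte width was read from safeEncrypt in AESEngine at that revision, or link the method directly. Since this same commit marks the format as unused, one line saying the correction is for the historical record would stop a reader from assuming the wrapper is live.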
@ -217,16 +215,19 @@ padding: random data, to a multiple of 16 bytes
</PRE> </PRE>
<p> <p>
After the data comes an application specified number of randomly generated padding bytes. After the data comes an application-specified number of randomly generated padding bytes.
This application specified number is rounded up to a multiple of 16. This application-specified number is rounded up to a multiple of 16.
The entire segment (from H(data) through the end of the random bytes) is AES encrypted The entire segment (from H(data) through the end of the random bytes) is AES encrypted
(256 bit CBC w/ PKCS#5). (256 bit CBC w/ PKCS#5).
<p> <p>
This code is implemented in the safeEncrypt and safeDecrypt methods of This code is implemented in the safeEncrypt and safeDecrypt methods of
<a href="http://trac.i2p2.de/browser/core/java/src/net/i2p/crypto/AESEngine.java?rev=85a542c53d910dffbf34cdcefb8a2faeee96adc4">[AESEngine]</a> AESEngine but it is unused.
</p> </p>
*************************************************************** -->
<H4>Obsolescence</H4> <H4>Obsolescence</H4>
<p> <p>
The vulnerability of the network to an AES attack and the impact of transitioning to a longer bit length is to be studied. The vulnerability of the network to an AES attack and the impact of transitioning to a longer bit length is to be studied.
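Review bot: "(256 bit CBC w/ PKCS#5)" still says PKCS#5 while the padding paragraph above cites RFC-2313, which is PKCS #1 v1.5; pick one label and use it in both places. Replacing the pinned "[AESEngine]" link with the bare words "AESEngine but it is unused." removes the only pointer a reader has for checking the unused claim; keep the trac link, even inside the comment, so the rev= pins the state being described. The "--&gt;" here closes the "&lt;!--" opened above the diagram, so the rendered page now jumps straight from the ElGamalAESEngine.getPadding sentence to "Obsolescence"; a short rendered sentence noting that the old safeEncrypt framing is no longer used would read better than a silent gap. Separately, the unchanged Obsolescence line speaks of "transitioning to a longer bit length", but 256 bits is the largest key size AES defines, so a longer key means a different cipher; reword as "transitioning to a different cipher or key size".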
@ -397,6 +398,13 @@ router's DSA key, plus each network message has their own hash for local integri
checking. checking.
<p> <p>
See <a href="udp.html#keys">the SSU specification</a> for details. See <a href="udp.html#keys">the SSU specification</a> for details.
<p>
WARNING - I2P's HMAC-HD5-128 used in SSU is apparently non-standard.
Apparently, an early version of SSU used HMAC-SHA256, and then it was switched
to MD5-128 for performance reasons, but left the 32-byte buffer size intact.
See HMACGenerator.java and
<a href="status-2005-07-05.html">the 2005-07-05 status notes</a>
for details.
<H2>References</H2> <H2>References</H2>
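Review bot: "HMAC-HD5-128" on the WARNING line is a typo for "HMAC-MD5-128" (the next sentence says MD5-128). Two consecutive "apparently"s weaken a specification warning; state the concrete deviation instead: an HMAC-MD5 is computed but the 32-byte buffer from the earlier HMAC-SHA256 is retained, so the MAC does not interoperate with a standard HMAC-MD5, and say whether the 16-byte MD5 output is zero-padded or the buffer is truncated to 128 bits, since "left the 32-byte buffer size intact" leaves that open. Also "HMACGenerator.java" is plain text while every other source reference on this page links to trac with a pinned rev=; link it the same way.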

View File

@ -139,6 +139,17 @@ Master's Thesis, TU-Munich, March 28, 2011.
<a href="http://grothoff.org/christian/i2p.pdf">Privacy-Implications of Performance-Based Peer Selection by Onion-Routers: A Real-World Case Study using I2P</a>, <a href="http://grothoff.org/christian/i2p.pdf">Privacy-Implications of Performance-Based Peer Selection by Onion-Routers: A Real-World Case Study using I2P</a>,
Michael Hermann, Christian Grothoff. Michael Hermann, Christian Grothoff.
Presented at PET Symposium, Waterloo Canada, July 27, 2011. Presented at PET Symposium, Waterloo Canada, July 27, 2011.
<a href="http://grothoff.org/christian/teaching/2011/2194/i2p.odp">presentation slides (odp)</a>
</li><li>
<a href="http://www.youtube.com/watch?v=bI_1qlcwfE0">Common Darknet Weaknesses</a>
(Youtube Video)
Adrian Crenshaw, <a href="http://aide.marshall.edu/">AIDE</a>, July 11-15, 2011.
</li><li>
<a href="http://www.youtube.com/watch?v=NV90TRs_pGE">Short garlic routing animation</a>
(Youtube Video)
Adrian Crenshaw.
</li><li> </li><li>
Cipherspaces/Darknets: An Overview Of Attack Strategies, Cipherspaces/Darknets: An Overview Of Attack Strategies,
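Review bot: the three new list items are inconsistent with each other and with the entry above them: "Youtube" should be "YouTube", the "Common Darknet Weaknesses" entry gives a five-day range "July 11-15, 2011" where the other entries give the date of the talk, and the "Short garlic routing animation" entry carries no date or venue at all. The slides link is appended to the Hermann/Grothoff entry straight after the date with no separating punctuation; a comma or line break before "presentation slides (odp)" would match the "Michael Hermann, Christian Grothoff." line above it.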