9

I am building an application that will be connected over Tor, using onion services. I just realized that the file generated by Tor that contains the private key of the hidden site is only RSA 1024 bits.

Isn't RSA 1024 considered weak?

Is the conversation when connecting to a hidden service encrypted only using RSA 1024? Should I wrap the conversation with another layer of encryption using a better RSA?

Nathan Parker

1 Answer

5

What encryption algorithms does Tor use?

See the following sections of the Tor Protocol Specification:

  • 0.2 Security parameters
  • 0.3 Ciphers

Isn't RSA 1024 considered weak?

1024 hasn't been broken (yet...), and you'd find moving to anything bigger makes things generally slower.

There's a useful discussion in this old thread.

With regards to rolling your own more secure onion service, have a look at this thread.

Richard Horrocks