-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi DC,

Thanks for the reply. Responses to your responses inline. ;-)

On 23/08/13 21:51, DC wrote:
> The hash format (first 80 bits of SHA-1, encoded base32) is the
> same as Onion URLs use. How do they avoid preimage attacks? (I
> thought generating 2^80 keypairs and checking each one to see if
> the public key matches was simply too much work, maybe I'm wrong
> though.)

80 bits may not be enough to defend against a well-funded adversary these days - that's one aspect of the Tor hidden services design that "needs some love".

https://blog.torproject.org/blog/hidden-services-need-some-love

"...the current 80-bit security of onion addresses does not inspire confidence against impersonation attacks."

> How exactly is the symmetric key used to encrypt the private key?
> What block cipher mode do you use? Is there authentication as well
> as encryption?
>
> (Currently I'm using the first 128 bits of a SHA hash as the key,
> then AES-128 symmetric encryption.)

What block cipher mode of operation do you use? If the mode of operation requires padding, what padding scheme do you use? Do you authenticate the ciphertext? If so, what MAC function do you use, and how do you derive the MAC key? These are nitpicky questions, but they could be important for security if the server's compromised.

> ... after implementing your suggestion, it will be PBKDF2 instead,
> and I'll generate a random salt for each user. (That way, an
> attacker can only try to brute-force one account at a time, instead
> of all of them.)

Awesome!
Cheers,
Michael

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJSGKGPAAoJEBEET9GfxSfMIkMH/ioS8guoBIfgNXowtEzNSrHh
akUNxgBQuklMs8ayo+lsWL3VU3/nmjz+gO4jia1mXuRDYTRbz3vmQl1XxhH++eeT
2ci3jCXkc0uLMJ9Do1XFSweO+RGw4qXh0fYNlzkKmNZ9u5b8Y4LOWxDgL60+Ah33
FINtoMG3y/DHthKhyrQc+5pavY5oXAjtom11Hpy03MC0SjhQaW/4WqOgd0hl1Cqa
hBkgd83YuqQ7Mqg4QBCdcL0xyPuQWKaGOPd1eDYUl2qyntpiUQJsMPVLTrNILPQW
xHhr7o7QvNga4MBqExUY1uimaVXwXqIZOGFaagRBZgF0buBIVWYoMsmiaXyfou4=
=bSd1
-----END PGP SIGNATURE-----
--
Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
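The 80-bit onion-address question in DC's first quoted paragraph, worked through as an added example. This is not code from DC, Michael or the Tor project; it is my own illustration of the v2-style name format (base32 of the first 10 bytes of SHA-1 over the PKCS#1 DER encoding of an RSA public key) and of what "generating keypairs and checking each one" costs. The function names NewKey, OnionAddress, IsOnionName, ExpectedTrials and FindPrefix are mine, and the 1024-bit key size is an assumption matching the v2 hidden-service key size.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/x509"
	"encoding/base32"
	"fmt"
	"math"
	"strings"
)

// onionAlphabet is the lower-case RFC 4648 base32 alphabet used in .onion names.
const onionAlphabet = "abcdefghijklmnopqrstuvwxyz234567"

// NewKey generates an RSA keypair; 1024 bits is assumed here to match v2 hidden-service keys.
func NewKey(bits int) (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, bits)
}

// OnionAddress is the v2-style name: base32 of the first 80 bits (10 bytes) of
// SHA-1 over the PKCS#1 DER encoding of the public key. 10 bytes is exactly 16
// base32 characters, so there is no padding to strip.
func OnionAddress(pub *rsa.PublicKey) string {
	der := x509.MarshalPKCS1PublicKey(pub)
	digest := sha1.Sum(der)
	enc := base32.StdEncoding.WithPadding(base32.NoPadding)
	return strings.ToLower(enc.EncodeToString(digest[:10]))
}

// IsOnionName reports whether s has the shape of a v2 onion name.
func IsOnionName(s string) bool {
	if len(s) != 16 {
		return false
	}
	for _, c := range s {
		if !strings.ContainsRune(onionAlphabet, c) {
			return false
		}
	}
	return true
}

// ExpectedTrials is the mean number of keypairs needed to hit a chosen k-character
// prefix: each character carries 5 bits, so 32^k. For the full 16 characters this is
// 32^16 = 2^80, the figure DC quotes; a shorter prefix is the "vanity address" case.
func ExpectedTrials(k int) float64 { return math.Pow(32, float64(k)) }

// FindPrefix brute-forces keypairs until the name starts with prefix and returns the
// key and the number of trials. It is the impersonation attack in miniature: the
// attacker controls the private key for whatever name comes out.
func FindPrefix(prefix string, bits int) (*rsa.PrivateKey, int, error) {
	for trials := 1; ; trials++ {
		key, err := NewKey(bits)
		if err != nil {
			return nil, trials, err
		}
		if strings.HasPrefix(OnionAddress(&key.PublicKey), prefix) {
			return key, trials, nil
		}
	}
}

func main() {
	key, err := NewKey(1024)
	if err != nil {
		panic(err)
	}
	fmt.Println("address:", OnionAddress(&key.PublicKey)+".onion")

	// A one-character prefix needs ~32 keypairs; every extra character multiplies by 32.
	_, trials, err := FindPrefix("a", 1024)
	if err != nil {
		panic(err)
	}
	fmt.Printf("prefix %q after %d trials (expected %.0f)\n", "a", trials, ExpectedTrials(1))
	fmt.Printf("full 16-character match: %.3g trials\n", ExpectedTrials(16))
}
```

The point the numbers make: a full second preimage really does cost ~2^80 keypair generations, but an attacker who only needs a name that looks right to a human (matching the first several characters) pays 32^k, which is why truncating to 80 bits is a weaker guarantee than the hash function's own strength.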
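Michael's questions about cipher mode, padding and MAC, together with DC's plan to move to PBKDF2 with a per-user random salt, as one added example. This is my own code, not DC's server code and not Michael's suggestion verbatim: WeakKey reproduces the "first 128 bits of a SHA hash as the key" scheme DC describes, and WrapPrivateKey/UnwrapPrivateKey show one answer to every question in the paragraph above, using PBKDF2-HMAC-SHA256 for key derivation and AES-256-GCM so that the private key blob is authenticated as well as encrypted and no padding scheme is needed. The 100000 iteration count, the blob layout and all function names are my assumptions.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

const (
	saltLen    = 16
	nonceLen   = 12     // standard GCM nonce size
	keyLen     = 32     // AES-256
	iterations = 100000 // assumed work factor; raise it as far as login latency allows
)

// WeakKey is the scheme DC describes: a truncated hash of the password, with no salt
// and no iteration count. Every user with the same password gets the same key, and an
// attacker who has the server's database hashes each candidate once and tests it
// against all stored private keys at no extra cost.
func WeakKey(password []byte) []byte {
	h := sha256.Sum256(password)
	return h[:16]
}

// PBKDF2 is PBKDF2-HMAC-SHA256 (RFC 8018) written against the standard library only.
func PBKDF2(password, salt []byte, iter, dkLen int) []byte {
	prf := hmac.New(sha256.New, password)
	var dk []byte
	for block := uint32(1); len(dk) < dkLen; block++ {
		var idx [4]byte
		binary.BigEndian.PutUint32(idx[:], block)
		prf.Reset()
		prf.Write(salt)
		prf.Write(idx[:])
		u := prf.Sum(nil)           // U_1 = PRF(P, S || INT(i))
		t := append([]byte{}, u...) // T_i = U_1 xor U_2 xor ... xor U_c
		for j := 1; j < iter; j++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for k := range t {
				t[k] ^= u[k]
			}
		}
		dk = append(dk, t...)
	}
	return dk[:dkLen]
}

func newGCM(password, salt []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(PBKDF2(password, salt, iterations, keyLen))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// WrapPrivateKey draws a fresh random salt and nonce per call, derives a per-user key,
// and seals the private key with AES-256-GCM. salt||nonce is bound as additional
// authenticated data so neither can be swapped without failing the tag check.
// Blob layout: salt(16) || nonce(12) || ciphertext || GCM tag(16).
func WrapPrivateKey(password, privKey []byte) ([]byte, error) {
	header := make([]byte, saltLen+nonceLen)
	if _, err := rand.Read(header); err != nil {
		return nil, err
	}
	salt, nonce := header[:saltLen], header[saltLen:]
	gcm, err := newGCM(password, salt)
	if err != nil {
		return nil, err
	}
	return append(header, gcm.Seal(nil, nonce, privKey, header)...), nil
}

// UnwrapPrivateKey reverses WrapPrivateKey. A wrong password or any modification of
// the blob (salt, nonce, ciphertext or tag) fails authentication before a single
// plaintext byte is released, which is what "authenticate the ciphertext" buys you
// once the server is compromised.
func UnwrapPrivateKey(password, blob []byte) ([]byte, error) {
	if len(blob) < saltLen+nonceLen+16 {
		return nil, errors.New("blob too short")
	}
	header := blob[:saltLen+nonceLen]
	salt, nonce := header[:saltLen], header[saltLen:]
	gcm, err := newGCM(password, salt)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, nonce, blob[saltLen+nonceLen:], header)
}

func main() {
	// Constructed sample inputs: a stand-in for a serialised private key and a user password.
	privKey := []byte("-----BEGIN PRIVATE KEY----- (constructed stand-in) -----END PRIVATE KEY-----")
	password := []byte("correct horse battery staple")

	fmt.Printf("weak key, identical for every user with this password: %x\n", WeakKey(password))

	blob, err := WrapPrivateKey(password, privKey)
	if err != nil {
		panic(err)
	}
	fmt.Printf("wrapped blob (%d bytes), salt: %s\n", len(blob), hex.EncodeToString(blob[:saltLen]))

	got, err := UnwrapPrivateKey(password, blob)
	fmt.Println("round trip ok:", err == nil && bytes.Equal(got, privKey))

	tampered := append([]byte{}, blob...)
	tampered[len(tampered)-1] ^= 1 // flip a bit in the GCM tag
	_, err = UnwrapPrivateKey(password, tampered)
	fmt.Println("tampered blob rejected:", err != nil)

	_, err = UnwrapPrivateKey([]byte("wrong"), blob)
	fmt.Println("wrong password rejected:", err != nil)
}
```

Two design notes. The per-user salt is what turns "crack all accounts for the price of one" into "crack one account at a time", exactly as DC says; the iteration count then sets the price of each guess. Using an AEAD mode removes the separate MAC-key derivation and padding questions entirely, which is usually the safer answer than composing AES-CBC with a hand-rolled HMAC.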