#21615: Use hashed fingerprint in all lookups ---------------------------+----------------------------------- Reporter: cypherpunks | Owner: irl Type: enhancement | Status: needs_information Priority: Medium | Milestone: Component: Metrics/Atlas | Version: Severity: Normal | Resolution: Keywords: | Actual Points: Parent ID: | Points: Reviewer: | Sponsor: ---------------------------+-----------------------------------
Comment (by karsten): Leaking a hashed fingerprint is not problematic. It's the original, unhashed bridge fingerprint that we should not leak. Let's assume `B` is an original, unhashed bridge fingerprint that we don't want to leak. If the user looks up `B`, Atlas shouldn't send `B` to the Onionoo server, but it should send `H(B)` instead. In fact, Onionoo wouldn't find anything under `B`, because it doesn't even know original, unhashed bridge fingerprints. So far so good, but what if the user did the right thing and put in `H(B)` to look up their bridge? In that case Atlas would send `H(H(B))` to Onionoo, in which case Onionoo would still provide the same bridge. Similarly for relays, let's assume that `R` is an original, unhashed relay fingerprint, however, that we don't mind leaking. If Atlas sees that it sends `H(R)` to Onionoo, which is fine. But Onionoo would also respond to `R` as search input. What Onionoo would not understand is `H(H(R))`. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21615#comment:6> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online _______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs