#22995: prop224 should say we use SHA3-256 for rend circuit digests
------------------------------------+------------------------------------
Reporter: teor | Owner: asn
Type: defect | Status: assigned
Priority: Medium | Milestone: Tor: 0.3.2.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: prop224, tor-spec, doc | Actual Points:
Parent ID: | Points: 0.5
Reviewer: | Sponsor:
------------------------------------+------------------------------------
Comment (by asn):
What's the problem here? The spec does say that SHA3-256 should be used:
{{{
4.2.1. Key expansion
The hidden service and its client need to derive crypto keys from the
NTOR_KEY_SEED part of the handshake output. To do so, they use the KDF
construction as follows:
K = KDF(NTOR_KEY_SEED | m_hsexpand, HASH_LEN * 2 + S_KEY_LEN *
2)
The first HASH_LEN bytes of K form the forward digest Df; the next
HASH_LEN
bytes form the backward digest Db; the next S_KEY_LEN bytes form Kf,
and the
final S_KEY_LEN bytes form Kb. Excess bytes from K are discarded.
}}}
Do you think we should make it clearer in section 5 that those keys are
from `KDF()` which:
{{{
* Instantiate KDF with SHAKE-256.
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22995#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
