Nick Mathewson <ni...@torproject.org> writes: > Filename: 222-remove-client-timestamps.txt > Title: Stop sending client timestamps > Authors: Nick Mathewson > Created: 22 August 2013 > Target: 0.2.5.x > Status: Open > > 0. Summary > > There are a few places in Tor where clients and servers send > timestamps. I list them and discuss how to eliminate them. > > 1. Introduction > > Despite this late date, many hosts aren't running NTP and > > <snipage> > > field, so this change should be safe. > > 2.2. AUTHENTICATE (server) > > The AUTHENTICATE cell is not ordinarily sent by clients. It > contains an 8-byte timestamp and a 16-byte random value. > Instead, let's replace both with a 24-byte (truncated) HMAC of > the current time, using a random key. > > This will achieve the goal of including a timestamp in the > cell (preventing replays even in the presence of bad entropy), > while at the same time not including the time here. >
Hey Nick, how does the client verify the contents of the AUTHENTICATE cell (including the timestamp), if the timestamp is encrypted with a random key? _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
