Hi George, Please see below for a spec patch covering this email thread and various issues discussed on Trac and tor-dev@
> On 20 Nov 2015, at 00:13, George Kadianakis <desnac...@riseup.net> wrote: > > Tim Wilson-Brown - teor <teor2...@gmail.com <mailto:teor2...@gmail.com>> > writes: > >> Hi All, >> >> prop224 salts the encrypted portion of each descriptor with a random value. >> If we use the same "salt" for every replica/spread, the encrypted portions >> of the descriptor will be identical. >> (In the spec, it looks like the same encrypted descriptor / salt is used for >> each replica / spread, but it's not explicit.) >> >> I can't think of an attack based on matching up the encrypted portions of >> descriptors. >> But I like the idea of making the blinded key and encrypted portion of every >> descriptor different, so there's no way to tell if they're from the same >> service or not. >> >> Then there would be no way of telling whether replica/spread descriptors >> were from the same hidden service, which I think is a useful property. >> > > You are suggesting we should use a different salt for each descriptor we push? > > Sounds reasonable, with a small cost on implementation complexity since now we > will have to generate N different descriptors and push them properly to the > right HSDirs. Plausible. > > If you send a patch for the proposal, I will merge! I've created a branch rend-ng-descriptors on https://github.com/teor2345/torspec.git It addresses the issues I've mentioned in this email trail, tickets #17239 and #17242, and the raw random value leakage issue mentioned by Jacob in [0]. A full list of changes is: * add a comment that prop252 wants to add extend-info to the descriptor (perhaps it will need more padding) * add distinguishing values to every hash * hash raw random bytes before use * deal with replica hashing collisions * randomise revision-counter to avoid information leaks * use a different salt for each replica and upload * avoid replicas with the same blinded key They are in approximate order of complexity / impact. Please feel free to ask me questions about any of these changes. (And please to cherry-pick as needed.) Tim [0]: https://lists.torproject.org/pipermail/tor-dev/2015-November/009954.html Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP 968F094B teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
