March 2025 - tor-dev - lists.torproject.org

Proposal 358: Unifying circuit handshake extensions
by Nick Mathewson 27 Mar '25

27 Mar '25

https://spec.torproject.org/proposals/358-unified-handshake-extensions.html This proposal suggests that we should unify the EXT_FIELD_TYPE namespace, which is currently shared between CREATE2 and INTRODUCE2 messages. Please feel free to open tickets on gitlab, or to discuss here. Discussion on the forum is also okay! cheers, -- Nick

1 0

Proposal 357: Circuit key exporters: A better way to use KH
by Nick Mathewson 27 Mar '25

27 Mar '25

https://spec.torproject.org/proposals/357-circ-key-exporters.html This proposal declares a new way to use the "KH" output of our circuit handshake protocol in the future, to avoid the possibility of creating cross-protocol attacks. Please feel free to open tickets on gitlab, or to discuss here. Discussion on the forum is also okay! cheers, -- Nick

1 0

Proposal 356: Increasing netdoc strictness not considered (very) harmful
by Nick Mathewson 27 Mar '25

27 Mar '25

https://spec.torproject.org/proposals/356-desc-parsing-variance.html This proposal explains why we will not, in the future, generally worry about protocol changes that make strings that were formerly accepted as network documents become rejected in future versions. Please feel free to open tickets on gitlab, or to discuss here. Discussion on the forum is also okay! cheers, -- Nick

1 0

Proposal 355: Options for postquantum circuit extension handshakes
by Nick Mathewson 27 Mar '25

27 Mar '25

https://spec.torproject.org/proposals/355-revisiting-pq.html This proposal updates earlier proposals about postquantum cryptography in Tor circuit extensions, to handle changes in Tor and the PQ landscape since those proposals were written. Please feel free to open tickets on gitlab, or to discuss here. Discussion on the forum is also okay! cheers, -- Nick

1 0

Make torsocks mutli-arch ready
by Hefee 27 Mar '25

27 Mar '25

Hey, in Debian we want to enable mutli-arch support for torsocks. To be able to run different binaries of different archs. We already splitted libtorsocks into own package, so you can now install e.g.: torsocks:amd64, libtorsocks:amd64, libtorsocks:i386, wget:i386 But the torsocks script loads the libtorsocks by full path, so torsocks wget will fail, as it loads the amd64 variant only. ldconfig has this nice feature to find the correct library, if you only add the name and that the library is in default search dir or you add a conf file in / etc/ld.so.conf.d/. Using just the libname makes the "safty" check `! -e "$SHLIB"` fail, as $SHLIB, is only the libname in our case. Can you have a look at the patch[1], if you think it is safe to ship this? [1] https://salsa.debian.org/pkg-privacy-team/torsocks/-/blob/master/debian/ patches/0004-Make-torsocks-multi-arch-foreign-compatible.patch The issue I see is this: If arch from executable and the corresponding libtorsocks is not installed, only a Error is printed, but still the executable is executed without routing trough tor. The disabled check in torsocks could somehow catch this, if we would knew the arch of the executable in advanced correctly (which we don't, so far). If we can make sure, that LD_PRELOAD would stop executing, if the library cannot be found. e.g. I install libtorsocks:amd64 and wget:i386 I get: $wget -O- -4 icanhazip.com XX.230.187.XX $ torsocks wget -O- -4 icanhazip.com ERROR: ld.so: object 'libtorsocks.so' from LD_PRELOAD cannot be preloaded (cannot open shared object file): ignored. [...] XX.230.187.XX [...] (installing libtorsocks:i386 fixes this) On the other side, this does not got worse; currently torsocks will print a different error see #902792 but still execute the binary without tor. So this safety check doesn't help here (and btw. installing libtorsocks:i386 does not fix this issue by itself you also need to call /usr/bin/i386-linux-gnu- torsocks). #902792 https://bugs.debian.org/cgi-bin/902792 Regards, hefee

2 4

Proposal 354: Relaxing Path Restrictions in Arti
by Mike Perry 05 Mar '25

05 Mar '25

https://spec.torproject.org/proposals/354-relaxed-restrictions.html This is a proposal to simplify the usage of Family, Subnet, and custom path restrictions in Arti, so that clients don't reveal information about their Guards or Bridges by way of which relays they use, or don't use, in circuits. The meat of the proposal is that Arti's circuit path construction will satisfy the following rules: 1. Choose the Exit, HSDir, IP, or RP without considering restrictions 2. Choose Guard, Bridge, and Vanguards hops without considering restrictions 3. Choose any remaining middle nodes such that subnet, relay family, and user family restrictions apply with respect to the next hop (Exit, HSDir, IP, or RP) 4. Reject any resulting circuits with A-A and A-B-A sub-paths 5. If building a conflux leg: Reject any circuits that share relays with the other conflux leg(s) in the current conflux set. This simplifies path construction logic and avoids many pitfalls and information leaks caused by restriction use. These pitfalls and information leaks are documented in the proposal. The spec ticket in gitlab will remain open for comment until April 2, 2025: https://gitlab.torproject.org/tpo/core/torspec/-/issues/307 Comment here is also acceptable. -- Mike Perry

1 0

About the key derivation algorithm used in the Control Port password authentication
by techmetx11 04 Mar '25

04 Mar '25

Although several parts of Tor have been redesigned and upgraded over many years, the algorithm for the HashedControlPassword still remained the same. It still uses SHA-1 as the basis of the OpenPGP S2K algorithm, despite the fact that the algorithm has long-since been obsolete by newer and better hashing algorithms (on top of it, has had some practical collision attacks[1]). This is made worse by the fact that the S2K algorithm is not iterative (in the sense of recursive hashing), but rather repeats the salt+password many times in the hash digest until it reaches a certain amount of bytes. Theoretically, an attacker can expose this to autheticate into a Tor Control Port without having to know the password. Are there any plans to revamp the algorithm for newer Tor versions? [1]: https://shattered.io/

2 1