On 2011-11-02, Watson Ladd watsonbladd@gmail.com wrote:
> Dear All, Rather than get further sucked into a debate that is producing more heat than light about Wegman-Carter, I've decided to make a concrete proposal for how Tor can better protect its streams from manipulation.
Your proposal is so detailed and concrete that I'm not even going to try to figure out what it means.
I propose Salsa20/8 and CubeHash-256 as our general-purpose stream cipher and message digest for the first new crypto designs (seriously), and I propose that we implement multiple new crypto designs as soon as possible (seriously) so that we know we will get future migrations right.
But if this bikeshedding about the low-level details of cryptographic primitives keeps up, I'm going to design my own stream cipher and message digest.
> Right now Tor encrypts the streams of data from a client to an OR with AES-CTR and no integrity checks.
Bullshit. We have a 32-bit-per-cell integrity check at the ends of a circuit.
Robert Ransom
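The per-cell integrity check the reply refers to, shown as an added example that is not code from this thread or from Tor itself. It models, in miniature, how a 4-byte (32-bit) digest field carried in each relay cell and verified at the circuit endpoint catches a modification that plain counter-mode encryption would pass straight through. The keystream is derived with SHA-256 as a hypothetical stand-in for AES-CTR so the example runs with the standard library only; the key, the digest seed and the cell bodies are constructed values, and the running-SHA-1-truncated-to-4-bytes construction is modelled on Tor's relay cell digest rather than copied from its code.

```python
import hashlib

# Constructed example (not Tor's code). One circuit direction keeps a
# running SHA-1; each relay cell carries the first 4 bytes of that running
# digest, computed with its own digest field zeroed. The receiver recomputes
# it and rejects the cell on mismatch.

DIGEST_LEN = 4  # 32-bit per-cell check, as in the reply above


def keystream(key: bytes, counter: int, length: int) -> bytes:
    """Counter-mode keystream from SHA-256 (hypothetical stand-in for AES-CTR)."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(
            key + counter.to_bytes(8, "big") + block.to_bytes(4, "big")
        ).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class RelayDigest:
    """Running SHA-1 over all cells sent in one direction of a circuit."""

    def __init__(self, seed: bytes):
        self._h = hashlib.sha1(seed)

    def compute(self, body: bytes) -> bytes:
        # Hash the cell with its digest field zeroed; emit the first 4 bytes
        # of the running state. Uses a copy so a rejected cell leaves the
        # receiver's state untouched.
        probe = self._h.copy()
        probe.update(bytes(DIGEST_LEN) + body)
        return probe.digest()[:DIGEST_LEN]

    def commit(self, body: bytes) -> None:
        self._h.update(bytes(DIGEST_LEN) + body)


def seal_cell(key: bytes, counter: int, state: RelayDigest, body: bytes) -> bytes:
    """Sender side: attach the 4-byte digest, then encrypt digest + body."""
    digest = state.compute(body)
    state.commit(body)
    plaintext = digest + body
    return xor(plaintext, keystream(key, counter, len(plaintext)))


def open_cell(key: bytes, counter: int, state: RelayDigest, cell: bytes):
    """Endpoint side: decrypt, verify the digest, return the body or None."""
    plaintext = xor(cell, keystream(key, counter, len(cell)))
    digest, body = plaintext[:DIGEST_LEN], plaintext[DIGEST_LEN:]
    if digest != state.compute(body):
        return None  # integrity failure; Tor would tear the circuit down
    state.commit(body)
    return body


def run_demo() -> dict:
    key, seed = b"constructed-demo-key", b"constructed-digest-seed"
    sender, receiver = RelayDigest(seed), RelayDigest(seed)

    # An unmodified cell verifies and yields its body.
    cell0 = seal_cell(key, 0, sender, b"RELAY_DATA hello")
    honest = open_cell(key, 0, receiver, cell0)

    # Flip one ciphertext bit in the body of the next cell ('h' -> 'i').
    cell1 = seal_cell(key, 1, sender, b"RELAY_DATA hello")
    tampered = bytearray(cell1)
    tampered[DIGEST_LEN + 11] ^= 0x01
    # Counter-mode decryption alone passes the flip through to the plaintext...
    raw = xor(bytes(tampered), keystream(key, 1, len(tampered)))[DIGEST_LEN:]
    # ...while the per-cell digest check rejects the cell.
    checked = open_cell(key, 1, receiver, bytes(tampered))
    return {"honest": honest, "raw_decrypt_of_tampered": raw, "checked": checked}


if __name__ == "__main__":
    print(run_demo())
```

The check lives only at the circuit endpoints, which is the point of the reply: relays in the middle forward cells without being able to verify them, and a 32-bit tag gives a per-cell forgery chance of 2^-32 rather than the negligible bound a full-length MAC would.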