[tor-bugs] #8106 [Tor]: Make .onion addresses harder to harvest by directory servers
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Jun 7 14:09:14 UTC 2013
#8106: Make .onion addresses harder to harvest by directory servers
-----------------------------+----------------------------------------------
Reporter: asn | Owner:
Type: defect | Status: new
Priority: major | Milestone: Tor: 0.2.5.x-final
Component: Tor | Version:
Keywords: SponsorZ tor-hs | Parent:
Points: | Actualpoints:
-----------------------------+----------------------------------------------
Comment(by hyperelliptic):
Replying to [comment:19 rransom]:
> Replying to [comment:18 asn]:
> > Hey Robert,
> >
> > I talked with hyperelliptic today and she explained to me her concerns of comment:17.
>
> None of those concerns are legitimate.
>
Huh? Let me try this again.
There are two security requirements:
* Nobody can produce a signature that passes verification by a user knowing A's long-term key.
AND
* Nobody can produce a signature that passes verification for the short-term public key.
The second proposal of rransom flunks the second requirement.
Here is why this requirement matters:
The HS address is the x-coordinate of the short-term public key. This can
be computed by anybody knowing the long-term public key. An attacker could
overwrite the correct information on the directory service with bogus
information if he could produce a signature under the short-term public
key.
What makes the attack work on the second scheme is that the basepoint is
provided as part of the signature and is therefore under the control of
the attacker.
To avoid this problem, use a fixed basepoint or use x(short-term
key),x(basepoint) as HS address.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8106#comment:20>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
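
The basepoint argument in the comment above, as an added example that is not part of the original message or of Tor's code. A toy Schnorr-style signature in the multiplicative group modulo 2^127 - 1 stands in for the elliptic-curve scheme discussed in the ticket; the group, the parameters and every function name are assumptions made for illustration. It shows that a verifier which takes the basepoint from the signature accepts a signature made without the owner's secret, while a fixed basepoint, or an address that commits to both key and basepoint, rejects it.

```python
# Added illustration: toy Schnorr-style signatures in Z_p^* (not the ticket's
# scheme, not secure parameters). All names below are hypothetical.
import hashlib
import math
import secrets

P = 2**127 - 1      # Mersenne prime used as a toy modulus
N = P - 1           # exponents are reduced modulo the group order
G = 3               # the fixed, publicly agreed basepoint

def _challenge(r, pub, msg):
    data = f"{r}|{pub}|".encode() + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def sign(secret, base, msg):
    """Sign msg for public key base**secret; the signature carries `base`."""
    k = secrets.randbelow(N - 1) + 1
    r = pow(base, k, P)
    e = _challenge(r, pow(base, secret, P), msg)
    return {"base": base, "r": r, "s": (k + e * secret) % N}

def verify(pub, msg, sig, base):
    """Check base**s == r * pub**e (mod P) against the given basepoint."""
    e = _challenge(sig["r"], pub, msg)
    return pow(base, sig["s"], P) == sig["r"] * pow(pub, e, P) % P

def verify_flawed(pub, msg, sig):
    return verify(pub, msg, sig, sig["base"])   # basepoint chosen by the signer

def verify_fixed(pub, msg, sig):
    return verify(pub, msg, sig, G)             # basepoint fixed by the protocol

def verify_bound(address, msg, sig):
    pub, base = address                         # address commits to key AND basepoint
    return sig["base"] == base and verify(pub, msg, sig, base)

def rebase_for(pub):
    """Without the owner's secret, find (a, base2) with base2**a == pub."""
    while True:
        a = secrets.randbelow(N - 1) + 1
        if math.gcd(a, N) == 1:
            return a, pow(pub, pow(a, -1, N), P)

def demo():
    x = secrets.randbelow(N - 1) + 1            # owner's short-term secret
    pub, msg = pow(G, x, P), b"constructed bogus descriptor"
    a, base2 = rebase_for(pub)                  # x is never used here
    forged = sign(a, base2, msg)
    return (verify_flawed(pub, msg, forged), verify_fixed(pub, msg, forged),
            verify_bound((pub, G), msg, forged))
```

`demo()` returns the results of the flawed, fixed-basepoint and address-bound verifiers for the same signature, in that order.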