[tor-bugs] #9719 [Tor]: Reuse Y in ntor
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Sep 12 02:02:33 UTC 2013
#9719: Reuse Y in ntor
-----------------------------+-------------------
     Reporter:  rransom      |          Owner:
         Type:  enhancement  |         Status:  new
     Priority:  normal       |      Milestone:
    Component:  Tor          |        Version:
   Resolution:               |       Keywords:
Actual Points:               |      Parent ID:  #9662
       Points:               |
-----------------------------+-------------------
Comment (by rransom):
Replying to [ticket:9719 rransom]:
> * keep a per-thread 2^14^-bit replay-detection Bloom filter of the `bX`
> values computed during the server handshake, using SipHash as the hash and
> `k` as the key;
I forgot that you're including `X` in the ntor hashes, not just the shared
secrets. (ntor remains secure if `B`, `X`, and `Y` are omitted from the
hashes; it essentially uses HDH with `B` to authenticate `Y`, and HDH with
`Y` for forward secrecy, but without a second layer of hashing.) In that
case, performing replay detection using `X` is sufficient.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9719#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
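
An added example, not part of the ticket or of Tor's code: a sketch of the replay check discussed above, as a 2^14-bit Bloom filter keyed with SipHash-2-4 and applied to the client's 32-byte `X`. The names `replay_filter`, `replay_filter_check_and_add` and `N_PROBES`, and the choice of four 14-bit probes cut from one hash output, are assumptions; the ticket does not specify them.

```c
#include <stdint.h>
#include <string.h>

#define ROTL(x, b) (((x) << (b)) | ((x) >> (64 - (b))))
#define SIPROUND do { \
    v0 += v1; v1 = ROTL(v1, 13); v1 ^= v0; v0 = ROTL(v0, 32); \
    v2 += v3; v3 = ROTL(v3, 16); v3 ^= v2; \
    v0 += v3; v3 = ROTL(v3, 21); v3 ^= v0; \
    v2 += v1; v1 = ROTL(v1, 17); v1 ^= v2; v2 = ROTL(v2, 32); } while (0)

static uint64_t le64(const uint8_t *p) {        /* little-endian load */
    uint64_t r = 0;
    for (int i = 7; i >= 0; i--) r = (r << 8) | p[i];
    return r;
}

/* SipHash-2-4 of in[0..len) under a 16-byte key. */
uint64_t siphash24(const uint8_t *in, size_t len, const uint8_t key[16]) {
    uint64_t k0 = le64(key), k1 = le64(key + 8), m, b = (uint64_t)len << 56;
    uint64_t v0 = k0 ^ 0x736f6d6570736575ULL, v1 = k1 ^ 0x646f72616e646f6dULL;
    uint64_t v2 = k0 ^ 0x6c7967656e657261ULL, v3 = k1 ^ 0x7465646279746573ULL;
    size_t i = 0;
    for (; i + 8 <= len; i += 8) {
        m = le64(in + i); v3 ^= m; SIPROUND; SIPROUND; v0 ^= m;
    }
    for (; i < len; i++) b |= (uint64_t)in[i] << (8 * (i & 7));
    v3 ^= b; SIPROUND; SIPROUND; v0 ^= b;
    v2 ^= 0xff; SIPROUND; SIPROUND; SIPROUND; SIPROUND;
    return v0 ^ v1 ^ v2 ^ v3;
}

#define FILTER_BITS (1u << 14)  /* 2^14-bit filter, as in the ticket */
#define N_PROBES 4              /* assumption: the ticket gives no probe count */
typedef struct { uint8_t key[16]; uint8_t bits[FILTER_BITS / 8]; } replay_filter;

/* key plays the role of the ticket's per-thread secret `k`. */
void replay_filter_init(replay_filter *f, const uint8_t key[16]) {
    memset(f->bits, 0, sizeof f->bits);
    memcpy(f->key, key, 16);
}

/* Records X. Returns 1 if X may have been seen before (treat as replay),
 * 0 if it is certainly new. False positives are possible, false negatives not. */
int replay_filter_check_and_add(replay_filter *f, const uint8_t X[32]) {
    uint64_t h = siphash24(X, 32, f->key);
    int seen = 1;
    for (int i = 0; i < N_PROBES; i++, h >>= 14) {
        uint32_t bit = (uint32_t)(h & (FILTER_BITS - 1));
        if (!(f->bits[bit >> 3] & (1u << (bit & 7)))) seen = 0;
        f->bits[bit >> 3] |= (uint8_t)(1u << (bit & 7));
    }
    return seen;
}
```

Because the hash is keyed with a secret, a client cannot choose `X` values that collide in the filter on purpose; the filter still has to be cleared whenever the reused `Y` is rotated, or its false-positive rate keeps growing.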