[tor-bugs] #17436 [Tor]: Expose daily shared random value to the control port
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Oct 27 17:22:31 UTC 2015
#17436: Expose daily shared random value to the control port
--------------------+---------------------
Reporter: asn | Owner:
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Tor | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: #16943 | Points:
Sponsor: |
--------------------+---------------------
Description changed by asn:
Old description:
> After we implement prop250, it would be great if we could export the
> shared random value of the day in the control port.
>
> If we do this, hidden service applications can get it as well and use it
> for their own application-layer needs. Since the shared random value is
> global to the whole network, applications can use this in various ways.
>
> For example, you can imagine using this as a sort of replay protection,
> where a packet needs to have the current random value of the day. Hence,
> attackers won't be able to replay packets the next day.
>
> Or you could build warrant cannaries on hidden services.
>
> There must be better applications that currently escape me.
New description:
After we implement prop250, it would be great if we could export the
shared random value of the day to the control port.
If we do this, hidden service applications can get it as well and use it
for their own application-layer needs. Since the shared random value is
global to the whole network, applications can use this in various ways.
For example, you can imagine using this as a sort of replay protection,
where a packet needs to have the current random value of the day. Hence,
attackers won't be able to replay packets the next day.
Or you could build warrant cannaries on hidden services.
There must be better applications that currently escape me.
--
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17436#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list