[tor-bugs] #18191 [Core Tor/Tor]: .onion name collision
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Oct 6 06:15:20 UTC 2016
#18191: .onion name collision
--------------------------+-------------------------
Reporter: cypherpunks | Owner:
Type: defect | Status: closed
Priority: Very High | Milestone:
Component: Core Tor/Tor | Version:
Severity: Critical | Resolution: invalid
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------+-------------------------
Changes (by cypherpunks):
* status: reopened => closed
* resolution: => invalid
Comment:
cypherpunks, you misunderstand the difference between a preimage and
collision attack. A preimage attack involves creating input which hashes
to the same output as a target, such as trying to generate your own HS key
that is valid for facebookcorewwwi.onion. A collision attack involves
starting from scratch and creating two inputs which hash to the same
output, but an output you cannot control. You don't get to choose which
two private keys will collide, so you can't "target" an existing address.
Tor HSes provide 80 bits of preimage resistance and 40 bits of collision
resistance. All proper n-sized cryptographic hash functions provide n bits
of preimage resistance, and n/2 bits of collision resistance.
It's still a good idea to increase the size of HS addresses (as prop224
will do) because 80 bits of preimage resistance, while not bad, is not
something that should be relied upon when faced with a billion dollar
budget.
You shouldn't re-open a closed ticket just because you don't understand
the reasons behind it closing. Explain why it should not be closed (in
this case, it should be) before re-opening it right away.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18191#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list