[tor-bugs] #21615 [Metrics/Atlas]: Use hashed fingerprint in all lookups
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Mar 3 14:17:41 UTC 2017
#21615: Use hashed fingerprint in all lookups
---------------------------+-----------------------------------
Reporter: cypherpunks | Owner: irl
Type: enhancement | Status: needs_information
Priority: Medium | Milestone:
Component: Metrics/Atlas | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
---------------------------+-----------------------------------
Comment (by karsten):
Leaking a hashed fingerprint is not problematic. It's the original,
unhashed bridge fingerprint that we should not leak.
Let's assume `B` is an original, unhashed bridge fingerprint that we don't
want to leak. If the user looks up `B`, Atlas shouldn't send `B` to the
Onionoo server, but it should send `H(B)` instead. In fact, Onionoo
wouldn't find anything under `B`, because it doesn't even know original,
unhashed bridge fingerprints. So far so good, but what if the user did
the right thing and put in `H(B)` to look up their bridge? In that case
Atlas would send `H(H(B))` to Onionoo, in which case Onionoo would still
provide the same bridge.
Similarly for relays, let's assume that `R` is an original, unhashed relay
fingerprint, however, that we don't mind leaking. If Atlas sees that it
sends `H(R)` to Onionoo, which is fine. But Onionoo would also respond to
`R` as search input. What Onionoo would not understand is `H(H(R))`.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21615#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list