[tor-dev] Improved circuit-setup protocol [was: Re: Designing and implementing improved circuit-setup protocol [was: GSoC 2011]]

Ian Goldberg iang at cs.uwaterloo.ca
Thu Apr 7 22:22:24 UTC 2011


On Thu, Apr 07, 2011 at 06:13:45PM -0400, Nick Mathewson wrote:
> Oh!  Also, for a bit of redundancy, I'm thinking that the symmetric
> crypto parts of the improved onion handshakes ought to be with a less
> malleable mode of operation than the counter-mode stuff we do now.

Yes.  Absolute necessity.

> Perhaps we could make use of an all-or-nothing mode of operation like
> LIONESS or biIGE.  (They're both slower than counter mode, but for
> purposes of CREATE cells, I don't think the hit will matter in
> comparison with the cost of the public-key operations.)

A MAC (or a cipher mode that includes integrity like GCM) would be a
good start.

   - Ian
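
Added example, not part of the original message and not Tor's handshake code: it shows why counter mode is called malleable in the exchange above (a ciphertext bit flip becomes the same plaintext bit flip, undetected) and how a MAC over the ciphertext rejects it. The keystream built from HMAC-SHA256, the key layout and the payload are assumptions made so the sketch runs with the standard library only.

```python
import hashlib
import hmac
import os

TAG_LEN = 32  # HMAC-SHA256 output size

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream; HMAC-SHA256 stands in for the block cipher (assumption)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def ctr_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR the data with the keystream."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))

def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: the tag covers the nonce and the ciphertext."""
    ct = ctr_xor(enc_key, nonce, plaintext)
    return ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_sealed(enc_key: bytes, mac_key: bytes, nonce: bytes, sealed: bytes) -> bytes:
    """Verify the tag in constant time before touching the ciphertext."""
    if len(sealed) < TAG_LEN:
        raise ValueError("message too short")
    ct, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return ctr_xor(enc_key, nonce, ct)

def flip_bit(data: bytes, index: int, mask: int = 0x01) -> bytes:
    out = bytearray(data)
    out[index] ^= mask
    return bytes(out)

def demo():
    enc_key, mac_key, nonce = os.urandom(32), os.urandom(32), os.urandom(16)
    payload = b"constructed handshake payload"  # constructed sample input
    # Bare counter mode: the receiver decrypts the modified ciphertext without any error.
    ct = ctr_xor(enc_key, nonce, payload)
    bare_undetected = ctr_xor(enc_key, nonce, flip_bit(ct, 0)) == flip_bit(payload, 0)
    # Encrypt-then-MAC: the same modification fails verification.
    sealed = seal(enc_key, mac_key, nonce, payload)
    try:
        open_sealed(enc_key, mac_key, nonce, flip_bit(sealed, 0))
        mac_detected = False
    except ValueError:
        mac_detected = True
    return bare_undetected, mac_detected

if __name__ == "__main__":
    print(demo())
```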

