[tor-dev] A concrete proposal for crypto (at least part of it)

Robert Ransom rransom.8774 at gmail.com
Wed Nov 2 16:45:53 UTC 2011

On 2011-11-02, Watson Ladd <watsonbladd at gmail.com> wrote:
> Dear All,
> Rather than get further sucked into a debate that is producing more
> heat than light about Wegman-Carter, I've decided to make a concrete
> proposal for how Tor can better protect its streams from manipulation.

Your proposal is so detailed and concrete that I'm not even going to
try to figure out what it means.

I propose Salsa20/8 and CubeHash-256 as our general-purpose stream
cipher and message digest for the first new crypto designs
(seriously), and I propose that we implement multiple new crypto
designs as soon as possible (seriously) so that we know we will get
future migrations right.

But if this bikeshedding about the low-level details of cryptographic
primitives keeps up, I'm going to design my own stream cipher and
message digest.

> Right now Tor encrypts the streams of data from a client to an OR with
> AES-CTR and no integrity checks.

Bullshit.  We have a 32-bit-per-cell integrity check at the ends of a circuit.

Robert Ransom
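The exchange above turns on one property of counter mode and on what an end-to-end check buys you. The following is an added illustration by the editor, not code from this thread and not Tor's own code: AES-CTR is a keystream XOR, so a party who can rewrite ciphertext in transit and knows the plaintext at some offset can change it to a chosen value without the key and without any decryption error; a per-cell 32-bit digest computed by the sending endpoint and verified by the receiving endpoint catches that rewrite. The key, IV, payload and the truncated-SHA-1 digest below are constructed for the example and are a simplified model, not Tor's relay cell format or its actual digest construction.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha1"
	"encoding/binary"
	"fmt"
)

// ctrXOR applies AES-CTR under key/iv. CTR only XORs a keystream into the
// data, so the same call both encrypts and decrypts.
func ctrXOR(key, iv, data []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(data))
	cipher.NewCTR(block, iv).XORKeyStream(out, data)
	return out
}

// tamper is the in-path attacker: it knows (or guesses) that the bytes
// `orig` sit at `offset` in the plaintext and XORs in orig^want, which
// turns them into `want` after decryption. No key material is needed.
func tamper(ct []byte, offset int, orig, want []byte) []byte {
	out := append([]byte(nil), ct...)
	for i := range orig {
		out[offset+i] ^= orig[i] ^ want[i]
	}
	return out
}

// digest32 is a stand-in for an end-to-end 32-bit per-cell check: the first
// four bytes of SHA-1 over the cell payload (assumption for illustration,
// not Tor's construction).
func digest32(payload []byte) uint32 {
	sum := sha1.Sum(payload)
	return binary.BigEndian.Uint32(sum[:4])
}

// demoMalleability encrypts pt, lets the attacker rewrite the ciphertext,
// decrypts at the far end and reports the recovered plaintext together with
// whether the end-to-end 32-bit check still matches. Only the two endpoints
// ever see the digest; a hop in the middle cannot recompute it.
func demoMalleability(key, iv, pt []byte, offset int, orig, want []byte) (string, bool) {
	tag := digest32(pt)          // computed by the sender over the plaintext
	ct := ctrXOR(key, iv, pt)    // sent through the path
	ct = tamper(ct, offset, orig, want)
	recovered := ctrXOR(key, iv, ct) // receiver decrypts: no error is raised
	return string(recovered), digest32(recovered) == tag
}

func main() {
	key := []byte("0123456789abcdef") // constructed 128-bit key
	iv := []byte("fedcba9876543210")  // constructed 16-byte counter block
	pt := []byte("PAY 0100 TO ALICE")  // constructed cell payload
	got, ok := demoMalleability(key, iv, pt, 4, []byte("0100"), []byte("9999"))
	fmt.Printf("receiver sees %q, 32-bit check passes: %v\n", got, ok)
}
```

The decryption succeeds and yields the attacker's chosen amount; only the endpoint that holds the digest notices. The check is a 32-bit comparison, so a random corruption slips through with probability about 2^-32; what it does not do is stop the modification from reaching the decryptor in the first place.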

