[tor-dev] Proposal 190: Password-based Bridge Client Authorization

Robert Ransom rransom.8774 at gmail.com
Fri Nov 4 19:41:00 UTC 2011

On 2011-11-04, Robert Ransom <rransom.8774 at gmail.com> wrote:
> On 2011-11-04, George Kadianakis <desnacked at gmail.com> wrote:

>>    To avoid problems associated with the human condition, schemes
>>    based on public key cryptography and certificates can be used. A
>>    public and well tested protocol that can be used as the basis of a
>>    future authorization scheme is the SSH "publickey" authorization
>>    protocol.
> Secret keys for DSA (with a fixed group) and EC-based signature
> schemes can be short enough to be fairly easy to transport.  Secret
> keys for RSA are a PITA to transport, unless you either (a) specify a
> deterministic key-generation procedure, or (b) make the public key
> available to all clients somehow, and provide enough information to
> clients intended to access a bridge that the client can factor the
> modulus efficiently.

Um.  On second thought, this is just freaking ridiculous (especially
my paragraph).  We don't want each client to have to generate a
public-key authentication keypair and send its public key to the
bridge in advance; that would be a nightmare to implement with our
current bridge infrastructure.

So the only sensible ways to use public-key authentication seems to be
to give the same secret key to every authorized client (i.e.
distribute it like a password) (see Telex), and then we might as well
use a (shorter) shared-secret password (unless we need magic features
of a specific cryptosystem like the ‘public-key steganography’ used in

Robert Ransom

More information about the tor-dev mailing list