[tor-dev] Proposal: Bridge Detection Resistance against MITM-capable Adversaries

Jérémy Bobbio lunar at debian.org
Tue Nov 8 07:55:34 UTC 2011

On Tue, Nov 08, 2011 at 12:46:45AM +0100, George Kadianakis wrote:
>    Tor clients who use bridges and want to pin their SSL certificates
>    must specify the bridge's SSL certificate fingerprint as in:
>      Bridge shared_secret=934caff420aa7852b855 \
>          link_cert_fpr=38b0712e90bed729df81f2a22811d3dd89e91406d2522f4482ae4079e5245187

This starts to look like a lot of numbers. The kind that will be hard to
hand out on paper without making a mistake…

Supporting paper and pen as a way to give out bridges is even more
likely to be important in areas where a powerful entity is actively
trying to enumerate all bridges (and thus can do MITM). Also think about
users of epheremal systems (Tails) which needs to type bridge
informations at every boot.

How about using base32 instead of hex? The former means shorter strings
and disambiguate 'l' & '1' and '0' & 'o'.

Is it really needed to have such a long number as a fingerprint?

My 2 cents,
Jérémy Bobbio                        .''`. 
lunar at debian.org                    : :Ⓐ  :  # apt-get install anarchism
                                    `. `'` 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20111108/b0b53b3a/attachment.pgp>

More information about the tor-dev mailing list