[tor-dev] Proposal: Bridge Detection Resistance against MITM-capable Adversaries
lunar at debian.org
Tue Nov 8 07:55:34 UTC 2011
On Tue, Nov 08, 2011 at 12:46:45AM +0100, George Kadianakis wrote:
> Tor clients who use bridges and want to pin their SSL certificates
> must specify the bridge's SSL certificate fingerprint as in:
> Bridge 22.214.171.124 shared_secret=934caff420aa7852b855 \
This starts to look like a lot of numbers. The kind that will be hard to
hand out on paper without making a mistake…
Supporting paper and pen as a way to give out bridges is even more
likely to be important in areas where a powerful entity is actively
trying to enumerate all bridges (and thus can do MITM). Also think about
users of epheremal systems (Tails) which needs to type bridge
informations at every boot.
How about using base32 instead of hex? The former means shorter strings
and disambiguate 'l' & '1' and '0' & 'o'.
Is it really needed to have such a long number as a fingerprint?
My 2 cents,
Jérémy Bobbio .''`.
lunar at debian.org : :Ⓐ : # apt-get install anarchism
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 836 bytes
Desc: Digital signature
More information about the tor-dev