[tor-dev] What to read to analyze Tor's use of NTor?

Nick Mathewson nickm at alum.mit.edu
Thu Sep 19 14:25:56 UTC 2013


On Wed, Sep 18, 2013 at 11:57 PM, Roger Dingledine <arma at mit.edu> wrote:
> Hi Nick, Ian,
>
> I've been pointing people to "Section 6 of
> http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.228.6223" when
> they ask what NTor is. But then I realized that that's not the best
> (single) place to send cryptographers when I ask them to analyze whether
> we've designed or built it right.
>
> Then I found
> https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/216-ntor-handshake.txt
> which looks great
>
> but then I also found
> https://gitweb.torproject.org/torspec.git/blob/HEAD:/tor-spec.txt#l852
> which looks crisper.
>
> So the questions:
>
> A) Which combination and order of these three resources should I point
> people at? That is, does the tor-spec stanza replace proposal 216
> completely, or is there still some use to looking at the proposal too,
> or is the proposal wrong now because you fixed stuff since then but
> didn't change the proposal, etc? Did I miss any good resources?

I would suggest that people who want to review the thing should really
review all of those.  If I recall correctly, the tor-spec stanza is a
complete replacement for proposal 216, but proposal 216 might explain
things better in some places.  I'd also suggest reading the code in
src/or/onion_ntor.c, which is written pretty cleanly (he bragged).

The reason I suggest looking at all of these is that -- while an attack
on the implementation would of course be worst -- I would accept an
attack against *any* of those writeups as a good attack that we should
know about.  Moreover, I think that looking at the differences between
those writeups, and for differences between the final spec and the
implementation, would be something very much worth doing.


> B) What are the sketchiest parts -- the parts of the design or the
> implementation that you most want review on, or that you think would be
> most fruitful for finding issues?
>
> C) What else should I be asking you, in terms of how to get this thing
> reviewed the mostest and the bestest? We rolled out NTor quicker than we
> rolled out TAP, relatively speaking, and now it would count as breaking a
> widely deployed system so I bet we can get some more people evaluating it.

I think Ian et al would have a better handle on these issues than I.

-- 
Nick

