[tor-dev] basket: More eggs in the Guard basket.
yawning at schwanenlied.me
Wed Dec 17 23:36:58 UTC 2014
On Wed, 17 Dec 2014 13:51:02 -0500
Nick Mathewson <nickm at alum.mit.edu> wrote:
> Should the handshake also a signature by Bob of (X|N), and should
> maybe the shared secret also include a digest of all the other parts
> of the communication?
Hmm, maybe I shouldn't have left bits out, and I really do need to
document the handshake component of the protocol.
The former is actually done, a BLAKE-256 digest of the entire client
request is included in Bob's response and is covered by the signature.
The client verifies that Bob received a unmodified request, after
checking the signature. There's no reason why the signature can't just
include the entire request here if that's better.
Including a digest of everything sent as part of the shared secret
seems like a good idea, so I shall revise the protocol to do that
(digesting < 50 KiB of data isn't that big of a deal given how
heavyweight the other crypto bits are).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the tor-dev