[tor-dev] basket: More eggs in the Guard basket.

Yawning Angel yawning at schwanenlied.me
Wed Dec 17 23:36:58 UTC 2014

On Wed, 17 Dec 2014 13:51:02 -0500
Nick Mathewson <nickm at alum.mit.edu> wrote:
> Should the handshake also a signature by Bob of (X|N), and should
> maybe the shared secret also include a digest of all the other parts
> of the communication?

Hmm, maybe I shouldn't have left bits out, and I really do need to
document the handshake component of the protocol.

The former is actually done, a BLAKE-256 digest of the entire client
request is included in Bob's response and is covered by the signature.
The client verifies that Bob received a unmodified request, after
checking the signature.  There's no reason why the signature can't just
include the entire request here if that's better.

Including a digest of everything sent as part of the shared secret
seems like a good idea, so I shall revise the protocol to do that
(digesting < 50 KiB of data isn't that big of a deal given how
heavyweight the other crypto bits are).


Yawning Angel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20141217/a6aefeed/attachment.sig>

More information about the tor-dev mailing list