[tor-dev] Hash Visualizations to Protect Against Onion Phishing

Yawning Angel yawning at schwanenlied.me
Thu Aug 20 15:47:34 UTC 2015

On Thu, 20 Aug 2015 11:00:51 -0400
Ian Goldberg <iang at cs.uwaterloo.ca> wrote:

> On Thu, Aug 20, 2015 at 02:41:51PM +0000, Yawning Angel wrote:
> > What would be useful here is the number of onion addresses an
> > average user visits.  If it's small, something like this would
> > probably be sufficient:
> > 
> >  0. Browser generates/stores a long term salt.
> > 
> >  1. On onion access, calculate SHAKE(salt | onion address) map that
> > to a poker hand (5 card draw).
> > 
> >     P(52,5) = 311,875,200
> >     C(52,5) = 2,598,960
> > 
> >  2. Goto 1.
> The per-browser salt is a good way to prevent similar-hash attacks,
> but of course will go astray if the user reinstalls her Tor Browser
> or has multiple devices.

Yeah, that's a downside.  I suspect it can be fairly short but I don't
have a solid basis for that suspicion, and it also provides the
property of being able to semi-arbitrarily increase the brute forcing
difficulty at a latter date.

> I'd caution about the poker hand, though.  One year when I taught
> first-year undergraduate CS, we included an assignment that had to do
> with decks of cards and card games.  A surprising number of people had
> never seen decks of cards before, and were unfamiliar with the
> concept. I did not observe whether the (un)familiarity was correlated
> with what part of the world they came from.

It was a hypothetical example.  If we're willing to go with the visual
equivalent of key poems (which is what my suggestion roughly
corresponds to) with a per-client secret to prevent brute forcing, then
there's no reason why we couldn't let the user choose a visual
representation they're most comfortable with.

(My initial example was going to use mahjong tiles. >.>)

> Perhaps a notification "You've never visited this site before" that
> pushes down from the top like some other notifications might go a long
> way?

People would likely complain about storing "did access foo.onion in the
past" type information to disk.  I could argue for/against "well, use a
per-client keyed bloom filter, false positive rate!!!!", but depending
on the adversary model, people will probably (rightfully) be uneasy at
the thought of persisting even that.

The moment people are willing to store "I accessed this onion in the
past", I'm inclined to think "this is functionally equivalent to the
user bookmarking said onion".


Yawning Angel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20150820/388f1ee3/attachment.sig>

More information about the tor-dev mailing list