[tor-dev] [RFC] Proposal for the encoding of prop224 onion addresses

[teor]

> On 26 Mar 2017, at 21:41, Ian Goldberg <iang at cs.uwaterloo.ca> wrote:
> 
> On Sun, Mar 26, 2017 at 09:27:37PM +1100, teor wrote:
>> 
>>> On 26 Jan 2017, at 10:19, teor <teor2345 at gmail.com> wrote:
>>> 
>>>>> onion_address = base32(pubkey || checksum || version)
>>> 
>>> Is the order in which the address is encoded once the checksum is
>>> calculated. checksum represents (the first two bytes of) the result of
>>> the SHA3 hash.
>>> 
>>> We put pubkey first so that humans can distinguish addresses.
>>> (We could put checksum first, but that's non-standard.)
>> 
>> I just talked with some people who run a large onion site.
>> 
>> They asked if we can put the checksum at the front of the encoded
>> address.
>> 
>> This makes phishing with different bit(s) in the tail of the address
>> much harder. (That is, searching for a matching prefix for an existing
>> address is much harder if the checksum changes the first two characters
>> unpredictably. People ignore the checksum if it's at the end.)
> 
> Wait; why is searching for a matching checksum at the beginning harder
> than searching for a matching pubkey?  When trying to collide an onion
> address, the pubkey is essentially random, as is the checksum.

You're right - it only matters if the checksum is hard to compute.
(We could make it an scrypt or something, if we wanted to. But if we
don't, there's no need to make this change.)

T
--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
------------------------------------------------------------------------

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20170326/0f44e186/attachment.sig>