[tor-talk] [liberationtech] messing with XKeyScore

isis isis at torproject.org
Mon Jul 14 22:29:17 UTC 2014

Seth David Schoen transcribed 3.2K bytes:
> isis writes:
> > TorLauncher is smart about this, and if a bridge line (such as this one)
> > doesn't start with "Bridge", then TorLauncher rewrites the line before adding
> > it to the user's torrc file:
> > 
> > Bridge obfs4 abcdef0123456789abcdef0123456789abcdef01 sekrit=fu,password=bar
> > 
> > The same obviously happens when configuring bridges in Tails, because Tails
> > now uses TorLauncher. The biggest problem we've seen here is that users cannot
> > correctly/accurately type a bridge's fingerprint.
> Ahoy Isis,
> I've seen some protocols that write hashes as sequences of
> natural-language words.  I guess the oldest one is
> https://en.wikipedia.org/wiki/PGP_word_list

Yep, the idea is pretty old. A variant of it was even written up into
RFC1751 in 1994. [0] That one is already in the pycrypto module, [1]
at `Crypto.Util.RFC1751`. It encoded a fingerprint into 30 words with
maximal length of 4 characters each:

>>> from Crypto.Util import RFC1751
>>> encoded = RFC1751.key_to_english('c0f30b8a1ab2b4c9c2242b1b6cda9688c01462f8')
>>> encoded
>>> decoded = RFC1751.english_to_key(enc)
>>> decoded
>>> len(encoded.split(' '))

> but there are newer things, including the ones at
> https://en.wikipedia.org/wiki/PGP_word_list#Other_word_lists_for_data

FWIW, Leif's Bananaphone (SSH-over-Markov-Chains) tool [2] would also
work for this purpose, also more efficiently than Zimmermann's PGP
wordlist; I was able to get an encoded fingerprint easily down to 28
words, each word between 2-7 characters:

∃!isisⒶwintermute:~ ∴ egrep -x '\w{2,7}' /usr/share/dict/words > fingerprint-corpus.txt
∃!isisⒶwintermute:~ ∴ wc -l fingerprint-corpus.txt
31082 fingerprint-corpus.txt
∃!isisⒶwintermute:~ ∴ du -sh fingerprint-corpus.txt
212K    fingerprint-corpus.txt
∃!isisⒶwintermute:~ ∴ XZ_OPT=-9 tar cJf corpus.txt.tar.xz fingerprint-corpus.txt
∃!isisⒶwintermute:~ ∴ du -sh corpus.txt.tar.xz
56K     corpus.txt.tar.xz
∃!isisⒶwintermute:(master>)~/code/torproject/bananaphone ∴ \
  echo -n 'c0f30b8a1ab2b4c9c2242b1b6cda9688c01462f8' | \
  python bananaphone.py pipeline \
  'rh_encoder("words,sha1,12", "random", "../../../fingerprint-corpus.txt")' > test1
∃!isisⒶwintermute:(master>)~/code/torproject/bananaphone ∴ cat test1
beach pint heard phases Gallo giblet remands hares hiccups enlarge hates Pound Eisner unblock leakage lowdown desists prickly kilns motion tikes saltier cosiest incrust rarity Ulster wallops
∃!isisⒶwintermute:(master>)~/code/torproject/bananaphone ∴ cat test1 | \
  python ./banaphone.py pipeline 'rh_decoder("words,sha1,12")'

An additional benefit to using Bananaphone would be that it doesn't
require the client-side (the TorLauncher side) to have the corpus (the
`fingerprint-corpus.txt` file, in the above example). Also, because of
this, BridgeDB could easily use Spanish, Arabic, etc. corpuses for
users who are perhaps unfamiliar with English words.

This, however, would mean that we'd need Banaphone written in JS.

> and also whatever Moxie is using for the Redphone fingerprint
> verification.  Is there any prospect of giving users the option to
> represent the bridge fingerprint that way?

This is a great idea.

The un-translation of the encoded fingerprint would likely need to
happen in either little-t tor or in TorLauncher.

I'm willing to take a patch to BridgeDB's UI templates to optionally
encode the fingerprint as a list of words, though I would prefer the
default display to give the actual fingerprint.

And I spoke briefly to Mike Perry about the possibility of including
such a decoder in TorLauncher. Mike said he's willing to merge the
patches, but unwilling to force the Pearl Crescent hackers (who
wrote/maintain TorLauncher) to use their time implementing this.

There is the possibility that, in the future, one of Tor's regular
funders will be sponsoring a thing called "Tor Challenge", which is
where Tor Project people point at small projects which require less
expertise yet which they would really like to see done, then someone
wanting to help out comes along and does whatever that small project
is and gets to collect the funding allotted to that Challenge. I'd
gladly add this to my list of things I want done.

> Or maybe adding a checksum field calculated as the first byte of the
> SHA512 of the fingerprint?

Also an interesting idea. But what if they type the checksum wrong?

> --
> Seth Schoen  <schoen at eff.org>
> Senior Staff Technologist                       https://www.eff.org/
> Electronic Frontier Foundation                  https://www.eff.org/join
> 815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107                                                                                                          

[0]: https://tools.ietf.org/html/rfc1751
[1]: https://pypi.python.org/pypi/pycrypto
[2]: https://github.com/isislovecruft/bananaphone

 ♥Ⓐ isis agora lovecruft
GPG: 4096R/A3ADB67A2CDB8B35
Current Keys: https://blog.patternsinthevoid.net/isis.txt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1154 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20140714/6f41d51d/attachment.sig>

More information about the tor-talk mailing list