[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #18191 [Core Tor/Tor]: .onion name collision



#18191: .onion name collision
--------------------------+-------------------------
 Reporter:  cypherpunks   |          Owner:
     Type:  defect        |         Status:  closed
 Priority:  Very High     |      Milestone:
Component:  Core Tor/Tor  |        Version:
 Severity:  Critical      |     Resolution:  invalid
 Keywords:                |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+-------------------------
Changes (by cypherpunks):

 * status:  reopened => closed
 * resolution:   => invalid


Comment:

 cypherpunks, you misunderstand the difference between a preimage and
 collision attack. A preimage attack involves creating input which hashes
 to the same output as a target, such as trying to generate your own HS key
 that is valid for facebookcorewwwi.onion. A collision attack involves
 starting from scratch and creating two inputs which hash to the same
 output, but an output you cannot control. You don't get to choose which
 two private keys will collide, so you can't "target" an existing address.
 Tor HSes provide 80 bits of preimage resistance and 40 bits of collision
 resistance. All proper n-sized cryptographic hash functions provide n bits
 of preimage resistance, and n/2 bits of collision resistance.

 It's still a good idea to increase the size of HS addresses (as prop224
 will do) because 80 bits of preimage resistance, while not bad, is not
 something that should be relied upon when faced with a billion dollar
 budget.

 You shouldn't re-open a closed ticket just because you don't understand
 the reasons behind it closing. Explain why it should not be closed (in
 this case, it should be) before re-opening it right away.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18191#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs