[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #21615 [Metrics/Atlas]: Use hashed fingerprint in all lookups



#21615: Use hashed fingerprint in all lookups
---------------------------+-----------------------------------
 Reporter:  cypherpunks    |          Owner:  irl
     Type:  enhancement    |         Status:  needs_information
 Priority:  Medium         |      Milestone:
Component:  Metrics/Atlas  |        Version:
 Severity:  Normal         |     Resolution:
 Keywords:                 |  Actual Points:
Parent ID:                 |         Points:
 Reviewer:                 |        Sponsor:
---------------------------+-----------------------------------

Comment (by karsten):

 Leaking a hashed fingerprint is not problematic.  It's the original,
 unhashed bridge fingerprint that we should not leak.

 Let's assume `B` is an original, unhashed bridge fingerprint that we don't
 want to leak.  If the user looks up `B`, Atlas shouldn't send `B` to the
 Onionoo server, but it should send `H(B)` instead.  In fact, Onionoo
 wouldn't find anything under `B`, because it doesn't even know original,
 unhashed bridge fingerprints.  So far so good, but what if the user did
 the right thing and put in `H(B)` to look up their bridge?  In that case
 Atlas would send `H(H(B))` to Onionoo, in which case Onionoo would still
 provide the same bridge.

 Similarly for relays, let's assume that `R` is an original, unhashed relay
 fingerprint, however, that we don't mind leaking.  If Atlas sees that it
 sends `H(R)` to Onionoo, which is fine.  But Onionoo would also respond to
 `R` as search input.  What Onionoo would not understand is `H(H(R))`.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21615#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs