[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #26291 [Core Tor/Tor]: find all instances of SHA-1 in our design and implementation and kill them with fire

To: undisclosed-recipients: ;
Subject: [tor-bugs] #26291 [Core Tor/Tor]: find all instances of SHA-1 in our design and implementation and kill them with fire
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sun, 03 Jun 2018 18:15:30 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 03 Jun 2018 14:15:44 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#26291: find all instances of SHA-1 in our design and implementation and kill them
with fire
-------------------------+-------------------------------------------------
     Reporter:  isis     |      Owner:  (none)
         Type:  project  |     Status:  new
     Priority:  Medium   |  Milestone:  Tor: unspecified
    Component:  Core     |    Version:
  Tor/Tor                |   Keywords:  sha1, crypto, technical-debt,
     Severity:  Normal   |  hidden-services, hash-functions
Actual Points:           |  Parent ID:
       Points:  9001     |   Reviewer:
      Sponsor:           |
  SponsorV-can           |
-------------------------+-------------------------------------------------
 This is a parent ticket for finding every use of SHA-1 in our specs/design
 and code, detailing it, and coming up with a plan to replace it.

 From
 [https://trac.torproject.org/projects/tor/wiki/org/meetings/2018NetworkTeamHackfestSeattle/OldCrypto
 the Seattle notes], we use truncated SHA-1 in v2 onion services and
 `relay_crypt_one_payload()`, and we use full width SHA-1 for relay
 fingerprints and, again, v2 onion services. Nick has also written
 [https://gitweb.torproject.org/torspec.git/tree/proposals/ideas/xxx-what-
 uses-sha1.txt a draft document] detailing where we use SHA-1, however it
 is presently outdated and incorrect in some places.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26291>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #26418 [Core Tor/Tor]: linker failures on 0.3.4 with --disable-module-dirauth
Next by Author: Re: [tor-bugs] #25947 [Core Tor/Tor]: Create unit test for dirserv_read_measured_bandwidths
Previous by thread: Re: [tor-bugs] #25461 [Core Tor/Tor]: main event-loop spins consuming 100% of a CPU core at times
Next by thread: Re: [tor-bugs] #3476 [Applications/Tor bundles/installation]: debian package: HashedControlPassword auth fails when CookieAuthentication is enabled
Index(es):
- Author
- Thread