[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [torspec/master] prop224: Clarify when we need fresh salt for descriptors.
commit 0567494b3f1cd51cc6f5404fc8d84ec5f4434bc8
Author: George Kadianakis <desnacked@xxxxxxxxxx>
Date: Tue Apr 12 15:18:25 2016 +0300
prop224: Clarify when we need fresh salt for descriptors.
---
proposals/224-rend-spec-ng.txt | 12 +++---------
1 file changed, 3 insertions(+), 9 deletions(-)
diff --git a/proposals/224-rend-spec-ng.txt b/proposals/224-rend-spec-ng.txt
index 237ffdd..a3fb40b 100644
--- a/proposals/224-rend-spec-ng.txt
+++ b/proposals/224-rend-spec-ng.txt
@@ -851,15 +851,9 @@ Status: Draft
The encrypted part of the hidden service descriptor is encrypted and
authenticated with symmetric keys generated as follows:
- SALT = 16 bytes from H(random), different for each post to each replica,
- even if the content of the descriptor hasn't changed.
- (This avoids leaking service stability, and linking replicas
- via encrypted data comparison.)
-
- (We hash salt so that we don't leak the raw bytes returned by a PRNG
- to the network. See [RANDOM-REFS].)
-
- [ XX/teor - is the extra load on the HSDirs worth it? ]
+ SALT = 16 bytes from H(random), changes each time we rebuld the
+ descriptor even if the content of the descriptor hasn't changed.
+ (So that we don't leak whether the intro point list etc. changed)
secret_input = blinded_public_key | subcredential | INT_4(revision_counter)
keys = KDF(secret_input, salt, "hsdir-encrypted-data",
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits