
Re: [tor-dev] Improved circuit-setup protocol [was: Re: Designing and implementing improved circuit-setup protocol [was: GSoC 2011]]



On Thu, Apr 07, 2011 at 11:20:00PM +0100, Steven J. Murdoch wrote:
> On Thu, Apr 07, 2011 at 06:13:45PM -0400, Nick Mathewson wrote:
> > Oh!  Also, for a bit of redundancy, I'm thinking that the symmetric
> > crypto parts of the improved onion handshakes ought to be with a less
> > malleable mode of operation than the counter-mode stuff we do now.
> > Perhaps we could make use of an all-or-nothing mode of operation like
> > LIONESS or biIGE.  (They're both slower than counter mode, but for
> > purposes of CREATE cells, I don't think the hit will matter in
> > comparison with the cost of the public-key operations.)
> 
> This is another thing that triggers my crypto-spidey-sense. The
> particular problem that I'm thinking of is that for MAC-then-encrypt,
> only some modes of operation are secure (CTR is, CBC is not). In some
> ways, the malleability of CTR is a strength, and I'd be concerned that
> something else might be able to be leveraged in an attack.

But we're currently doing "encrypt", not "MAC-then-encrypt".  And we
should be doing "encrypt-then-MAC", in my opinion, which ensures the
ciphertext can't be undetectably messed with.

In any event, yes, crypto-spidey-sense.

   - Ian
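To make the distinction in this exchange concrete, here is an added example (not code from the thread, and not Tor's implementation) showing why a bare counter-mode ciphertext is malleable and how encrypt-then-MAC makes tampering detectable. It assumes a SHA-256-based PRF in place of AES so it runs on the Python standard library alone; keys, nonce and message are constructed.

```python
import hashlib
import hmac

def ctr_keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Assumption: SHA-256(key || nonce || counter) stands in for an AES block
    # so the example runs on the standard library; the CTR structure is the same.
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def ctr_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # CTR encrypts and decrypts with the same operation: XOR with the keystream.
    ks = ctr_keystream(key, nonce, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def xor_into_ciphertext(ct: bytes, offset: int, mask: bytes) -> bytes:
    # CTR malleability: a mask XORed into the ciphertext lands unchanged in
    # the plaintext at the same offset, with no knowledge of the key.
    out = bytearray(ct)
    for i, m in enumerate(mask):
        out[offset + i] ^= m
    return bytes(out)

def encrypt_then_mac(enc_key: bytes, mac_key: bytes, nonce: bytes, pt: bytes) -> bytes:
    ct = ctr_xor(enc_key, nonce, pt)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def verify_then_decrypt(enc_key: bytes, mac_key: bytes, msg: bytes):
    nonce, ct, tag = msg[:16], msg[16:-32], msg[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # tag mismatch: reject before touching the plaintext
    return ctr_xor(enc_key, nonce, ct)

def demo() -> tuple:
    # Constructed keys and message; a real deployment uses random keys.
    enc_key, mac_key, nonce = b"e" * 32, b"m" * 32, bytes(16)
    pt = b"amount=00100"
    # Bare CTR: XORing 0x09 into byte 7 turns '0' (0x30) into '9' (0x39).
    bare = ctr_xor(enc_key, nonce, pt)
    forged = ctr_xor(enc_key, nonce, xor_into_ciphertext(bare, 7, b"\x09"))
    # Encrypt-then-MAC: the same flip fails verification and is rejected.
    msg = encrypt_then_mac(enc_key, mac_key, nonce, pt)
    tampered = msg[:16] + xor_into_ciphertext(msg[16:-32], 7, b"\x09") + msg[-32:]
    return forged, verify_then_decrypt(enc_key, mac_key, tampered)
```

The first return value is the silently altered plaintext a receiver of bare CTR would accept; the second is `None`, the rejection that encrypt-then-MAC provides.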
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev