[tor-dev] Future Onion Addresses and Human Factors

To: "tor-dev@xxxxxxxxxxxxxxxxxxxx" <tor-dev@xxxxxxxxxxxxxxxxxxxx>

Subject: [tor-dev] Future Onion Addresses and Human Factors

From: Alec Muffett <alecm@xxxxxx>

Date: Sat, 8 Aug 2015 11:36:35 +0000

Accept-language: en-GB, en-US

Cc: "yan@xxxxxxx" <yan@xxxxxxx>

Delivered-to: archiver@xxxxxxxx

Delivery-date: Sat, 08 Aug 2015 08:12:24 -0400

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fb.com; h=from : to : cc : subject : date : message-id : content-type : mime-version; s=facebook; bh=KMIi8atfcxBm4nBYUSMAi2AkndsemjJQYf9AGXDhkAs=; b=DI1q1eTLuke3y8mmA2w9GdXVuLJfUX/ef9ZxKlTyTVCNx2zRytEEY0E044Km2osP/Pbc SvjMTMGGm1y6BFqCNWFNYG++YSylSMnfD6GlsCm0XMER1++oqJh5s4hkYihDhBUmCVHN zwlE/snoxLkfLWTgIq84Kw6ugLbxa0BhX0g=

List-archive: <http://lists.torproject.org/pipermail/tor-dev/>

List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>

List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>

List-post: <mailto:tor-dev@lists.torproject.org>

List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>

List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>

Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx

Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

Thread-index: AQHQ0c57ZGcWHtTDKkak86vU4+cu/w==

Thread-topic: Future Onion Addresses and Human Factors

Hi All,

Having Beer with Donncha, Yan and others in Berlin a few days ago, discussion moved to Onion-Address Human Factors.

Summary points:

1) itâs all very well to go an mine something like âfacebookcorewwwiâ as an onion address, but 16 characters probably already exceeds human ability for easy string comparison.

2) example of the above: there are already âin the fieldâ a bunch of onion addresses âpassing themselves offâ as other onion addresses by means of common prefixes.

3) next generation onion addresses will only make this worse

4) from Proposal 244, the next generation addresses will probably be about this long:

        a1uik0w1gmfq3i5ievxdm9ceu27e88g6o7pe0rffdw9jmntwkdsd.onion

5) taking a cue from World War Two cryptography, breaking this into banks of five characters which provide the eyeball a point upon which to rest, might help:

        a1uik-0w1gm-fq3i5-ievxd-m9ceu-27e88-g6o7p-e0rff-dw9jm-ntwkd-sd.onion

6) using underscores would be a pain (tendency to have to use SHIFT to type)

7) using dots would pollute subdomains, and colons would cause parser confusion with port numbers in URIs

8) being inconsistent (meaning: âwe extract the second label and expunge anything which is not a base32 characterâ, ie: that with-hyphens and without-hyphens) may help or hinder, weâre not really sure; it would permit mining addresses like:

agdjd-recognisable-word-kjhsdhkjdshhlsdblahblah.onion # illustration purposes only

âwhich *looks* great, but might encourage people to skimp on comparing [large chunks of] the whole thing and thereby enable point (2) style passing-off.

9) appending a credit-card-like âyou typed this properlyâ extra few characters checksum over the length might be helpful (10..15 bits?) - ideally this might help round-up the count of characters to a full field, eg: XXX in this?

        a1uik-0w1gm-fq3i5-ievxd-m9ceu-27e88-g6o7p-e0rff-dw9jm-ntwkd-sdXXX.onion

10) it might be good to discuss this now, rather than later?

Hence this email, in the hope of kicking off a discussion between people who care about human factors. :-)

- alec

Alec Muffett

Security Infrastructure

Facebook Engineering

London

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev