On Thu, 20 Aug 2015 11:00:51 -0400 Ian Goldberg <iang@xxxxxxxxxxxxxxx> wrote: > On Thu, Aug 20, 2015 at 02:41:51PM +0000, Yawning Angel wrote: > > What would be useful here is the number of onion addresses an > > average user visits. If it's small, something like this would > > probably be sufficient: > > > > 0. Browser generates/stores a long term salt. > > > > 1. On onion access, calculate SHAKE(salt | onion address) map that > > to a poker hand (5 card draw). > > > > P(52,5) = 311,875,200 > > C(52,5) = 2,598,960 > > > > 2. Goto 1. > > The per-browser salt is a good way to prevent similar-hash attacks, > but of course will go astray if the user reinstalls her Tor Browser > or has multiple devices. Yeah, that's a downside. I suspect it can be fairly short but I don't have a solid basis for that suspicion, and it also provides the property of being able to semi-arbitrarily increase the brute forcing difficulty at a latter date. > I'd caution about the poker hand, though. One year when I taught > first-year undergraduate CS, we included an assignment that had to do > with decks of cards and card games. A surprising number of people had > never seen decks of cards before, and were unfamiliar with the > concept. I did not observe whether the (un)familiarity was correlated > with what part of the world they came from. It was a hypothetical example. If we're willing to go with the visual equivalent of key poems (which is what my suggestion roughly corresponds to) with a per-client secret to prevent brute forcing, then there's no reason why we couldn't let the user choose a visual representation they're most comfortable with. (My initial example was going to use mahjong tiles. >.>) > Perhaps a notification "You've never visited this site before" that > pushes down from the top like some other notifications might go a long > way? People would likely complain about storing "did access foo.onion in the past" type information to disk. I could argue for/against "well, use a per-client keyed bloom filter, false positive rate!!!!", but depending on the adversary model, people will probably (rightfully) be uneasy at the thought of persisting even that. The moment people are willing to store "I accessed this onion in the past", I'm inclined to think "this is functionally equivalent to the user bookmarking said onion". Regards, -- Yawning Angel
Attachment:
pgpzg_fKkxHjn.pgp
Description: OpenPGP digital signature
_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev