[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Publishing sanitized bridge pool assignments
On Wed, Feb 02, 2011 at 12:03:19PM -0500, Ian Goldberg wrote:
> Actually, to keep it to one SHA block (447 bits, not including padding),
> you can have at most 255 bits (31 bytes, if we're byte-aligned) for the
> secret. I wouldn't suggest spanning the secret across SHA blocks.
>
> SHA-512 seems like overkill if we're only using 3 bytes of the output.
> SHA-256 should be fine. Indeed, there's no _actual_ reason to believe
> SHA-1 isn't fine here, except for the general "don't be mandating SHA-1
> for anything new at this point" rule.
These sound like fine suggestions to me! I added a short summary to the
Trac entry here:
https://trac.torproject.org/projects/tor/ticket/2435#comment:2
> A 31-byte secret is far more likely to leak than be brute-forced, of
> course. If it's leaked one month, is it likely to leak again another
> month?
Leaking shouldn't be a problem here, because the secret will only be known
to the machine that's sanitizing bridge descriptors. If someone learns
about the secret on that machine, they could as well learn about the
original descriptors, too, and save themselves all the trouble of brute
forcing things.
Thanks a lot for your feedback so far!
Best,
Karsten