[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Can we stop sanitizing nicknames in bridge descriptors?

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Can we stop sanitizing nicknames in bridge descriptors?
From: Ondrej Mikle <ondrej.mikle@xxxxxxxxx>
Date: Fri, 04 May 2012 02:21:29 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 03 May 2012 20:21:47 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:x-enigmail-version:content-type :content-transfer-encoding; bh=LfxxFcR9oHPSHQ2ir0ozjx7P4dx8/WyhAcMXtvvIvRg=; b=t9g1JiBEBMTI2dii2IkL4erHKNtf9ZEBNZcivNvZURkJO1S/7Ll7zGyuHw1ezDPr/Y Kqk1/MYHv1qVr7Ke24UvilKWloF5JlMm8cBVreeGxzuHVULoJHQgnFbBm+fCK0vw9Wo8 lYFzd+OSOZXWITGJkgMBD2UlmfsLaMU+doLhj6tSkKBMfWmuGztClXACpn/JziusEpNH Q3Rq1GOYIpMtKuD2Mak3KUyJcna1QLI3HdI+ncObIGoIVp/KK3TL3i/vjKVrrOQHDvyL Jo3ey1pzuOIot+oif1f1TY10k1AE4gd8FBs/ioBHFM0F+kb6GSC7paouKfPK1LOG94xB QVLw==
In-reply-to: <4FA26CE7.7070909@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for discussion by the developers of Tor." <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <4FA128DA.1020700@xxxxxxxxxxxxxx> <4FA18C78.3010905@xxxxxxxxxxxxxx> <4FA26CE7.7070909@xxxxxxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20120428 Thunderbird/12.0.1

On 05/03/2012 01:32 PM, Karsten Loesing wrote:
> On 5/2/12 9:35 PM, Sebastian G. <bastik.tor> wrote:
>> [...]
>> "We don't need it, so better remove it." I really like that.
> 
> I think we're really conservative with giving out bridge data, and
> that's good.
> 
> At the same time there's a value in giving out information about
> bridges, so that "remove everything" is not a good answer.  For example,
> I think if we give bridge operators better feedback how their bridge is
> doing, we'll suddenly have a lot more bridges.  Making it easy for
> bridge operators to use Atlas would be a good step into that direction.
>  The same applies to funders who realize from our statistics how
> successful the Tor Cloud project is and who then want to fund it more to
> make it more usable, support more cloud providers, etc.

I would suggest looking at homomorphic hash [1] and Shamir's discrete logarithm
hash function [2]. (Those also work well with linear network coding [3], but not
sure if it could be useful here.)

For example, encoding FQDN, IP or nick can be done by splitting the
argument-to-encode by fields or characters. The parts can be then used as input
to the hash function.

The function allows checking whether a nick/FQDN/IP has specific part, or two
have identical part, but does not disclose "plaintext" of the part.

Obviously, there are statistical attacks possible: e.g. for FQDNs, the attacker
could guess which component maps to 'com', as it is the most common TLD.
Similarly, splitting up into characters can be attacked by using frequency
tables. There are other things that could apply here (thinking about attacks on
"plaintext RSA" without padding).

Nevertheless, I think it's still better than publishing plaintext data if we are
not sure what they might give away. Implementation using gmp/gmpy/numpy should
be fairly easy.

Ondrej

[1] On-the-Fly Verification of Rateless Erasure Codes for Efficient Content
Distribution, http://pdos.csail.mit.edu/papers/otfvec/paper.pdf (see section IV)
[2] http://www.senderek.com/SDLH/
[3] https://en.wikipedia.org/wiki/Network_coding
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] Can we stop sanitizing nicknames in bridge descriptors?
  - From: Karsten Loesing

References:
- [tor-dev] Can we stop sanitizing nicknames in bridge descriptors?
  - From: Karsten Loesing
- Re: [tor-dev] Can we stop sanitizing nicknames in bridge descriptors?
  - From: Sebastian G. <bastik.tor>
- Re: [tor-dev] Can we stop sanitizing nicknames in bridge descriptors?
  - From: Karsten Loesing

Prev by Author: Re: [tor-dev] [tor-assistants] Python metrics-lib
Next by Author: Re: [tor-dev] Can we stop sanitizing nicknames in bridge descriptors?
Previous by thread: Re: [tor-dev] Can we stop sanitizing nicknames in bridge descriptors?
Next by thread: Re: [tor-dev] Can we stop sanitizing nicknames in bridge descriptors?
Index(es):
- Author
- Thread