Re: [tor-dev] A concrete proposal for crypto (at least part of it)



On Wed, Nov 2, 2011 at 12:45 PM, Robert Ransom <rransom.8774@xxxxxxxxx> wrote:
> On 2011-11-02, Watson Ladd <watsonbladd@xxxxxxxxx> wrote:
>> Dear All,
>> Rather than get further sucked into a debate that is producing more
>> heat than light about Wegman-Carter, I've decided to make a concrete
>> proposal for how Tor can better protect its streams from manipulation.
>
> Your proposal is so detailed and concrete that I'm not even going to
> try to figure out what it means.

I'm going to suggest that we ought to isolate protocol discussions
from primitives discussions here.  The discussion of how to put
together a good relay packet format using a stream cipher and a MAC
(or a stream cipher with an authenticating mode of operation) ought to
be separable from the discussion of which stream
cipher/MAC/authenticating mode we use.

(If it isn't separable -- if the format relies on particular
properties of a given primitive -- that strikes me as a point against
the format.)

[...]
>> Right now Tor encrypts the streams of data from a client to an OR with
>> AES-CTR and no integrity checks.
>
> Bullshit.  We have a 32-bit-per-cell integrity check at the ends of a circuit.

Let's keep this polite, please.  "Not so" is a perfectly fine
alternative to "bullshit," and is likelier to keep future
conversations productive.

cheers,
-- 
Nick
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev