[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Shared random value calculation edge cases (proposal 250)



Hi George,

On 11/12/15, George Kadianakis <desnacked@xxxxxxxxxx> wrote:
> Hello there believers of prop250,
>
> you can find the latest version of the proposal in the upstream torpec
> repo:
>
> https://gitweb.torproject.org/torspec.git/tree/proposals/250-commit-reveal-consensus.txt

I reviewed your fine document and I wondered about section 4.1.1. and
specifically about the generation of RN "where RN is a 256-bit random
value."

I'd like to propose a change that is minimal and adds only one small change:

   The value REVEAL is computed as follows:

      REVEAL = base32-encode( TIMESTAMP || H(RN) )

      where RN is a 256-bit random value and where H is the hashing
algorithm "sha256".

This would ensure that the raw random bytes from the PRNG are never
revealed to the network which seems like a reasonable thing[0] to
prevent.

All the best,
Jacob

[0] http://projectbullrun.org/dual-ec/ext-rand.html
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev