[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Shared random value calculation edge cases (proposal 250)

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Shared random value calculation edge cases (proposal 250)
From: Jacob Appelbaum <jacob@xxxxxxxxxxxxx>
Date: Thu, 19 Nov 2015 14:30:47 +0000
Cc: dgoulet@xxxxxxxxxxxxxx
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 19 Nov 2015 09:31:01 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=appelbaum-net.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=ocXWxWXAOf70PhuJoKgmIdu/Uku5uiGXZgfLq40MTgc=; b=C0JEyLHr83QNIvhPpq5BB8WfmS3OJWubDRV9ekYfoKRtlV/Wv35SnhnkDRXUH4W3wA kts+IhCUNVDqkl4gx5albM5MN0s7wty2iE4ZtMIIbLnK3cZX+unpaYBpY1lPv5CXWHer klVQ4TpsUw+sd61z7QFE8R9QAwU7LPrO4NZ6KOAa7StvR1NjTlgmCjtAzl5Bs6+lqQ8z sR0Gq8aMPQIpMTmX4YtN/LyZxU0JuMrxkah02goBRVSx3wuXMvFyPUKRa58+hfXjAcDj FjJuUFXHE4NQM5dyyGoldxt+qw6OwA6oSxCV3cT1NWYpii+nAGJWowC5ABQX/fvgi1Zd f2xg==
In-reply-to: <87mvuj70rk.fsf@xxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <87mvuj70rk.fsf@xxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

Hi George,

On 11/12/15, George Kadianakis <desnacked@xxxxxxxxxx> wrote:
> Hello there believers of prop250,
>
> you can find the latest version of the proposal in the upstream torpec
> repo:
>
> https://gitweb.torproject.org/torspec.git/tree/proposals/250-commit-reveal-consensus.txt

I reviewed your fine document and I wondered about section 4.1.1. and
specifically about the generation of RN "where RN is a 256-bit random
value."

I'd like to propose a change that is minimal and adds only one small change:

   The value REVEAL is computed as follows:

      REVEAL = base32-encode( TIMESTAMP || H(RN) )

      where RN is a 256-bit random value and where H is the hashing
algorithm "sha256".

This would ensure that the raw random bytes from the PRNG are never
revealed to the network which seems like a reasonable thing[0] to
prevent.

All the best,
Jacob

[0] http://projectbullrun.org/dual-ec/ext-rand.html
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] Shared random value calculation edge cases (proposal 250)
  - From: David Goulet

References:
- [tor-dev] Shared random value calculation edge cases (proposal 250)
  - From: George Kadianakis

Prev by Author: [tor-dev] BridgeDB 0.3.3 is released
Next by Author: Re: [tor-dev] Shared random value calculation edge cases (proposal 250)
Previous by thread: Re: [tor-dev] Shared random value calculation edge cases (proposal 250)
Next by thread: Re: [tor-dev] Shared random value calculation edge cases (proposal 250)
Index(es):
- Author
- Thread