[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: one less onion skin

To: or-talk@xxxxxxxxxxxxx
Subject: Re: one less onion skin
From: James Muir <jamuir@xxxxxxxxxxxxxxx>
Date: Wed, 07 Mar 2007 00:07:25 -0500
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Wed, 07 Mar 2007 00:07:37 -0500
In-reply-to: <45EE460E.4040306@ironkey.com>
References: <45EE3B64.7060909@scs.carleton.ca> <45EE460E.4040306@ironkey.com>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Thunderbird 1.5.0.9 (X11/20070104)

Steve Southam wrote:

Is it because the ORs don't know where they are in the circuit? Of course OR3 knows it's at the end, but the others either recognize or relay.

I agree that not using k_1, d_1 would allow OR1 to determine that they are the first node in a circuit. However, Tor clients already leak this information. The key agreement with OR1 is done using a "CREATE_FAST" command rather than a normal "CREATE". So, once an OR receives a "CREATE_FAST" it knows its position in the circuit. (it might be that Tor clients which are also onion routers themselves do not send "CREATE_FAST"... I am not sure)

So the question is, if we have already leaked this information, are we wasting CPU cycles doing AES with OR1?

-James

Follow-Ups:
- Re: one less onion skin
  - From: Roger Dingledine
- Re: one less onion skin
  - From: Steve Southam

References:
- one less onion skin
  - From: James Muir
- Re: one less onion skin
  - From: Steve Southam

Prev by Author: one less onion skin
Next by Author: Re: Noobie Configuration Questions
Previous by thread: Re: one less onion skin
Next by thread: Re: one less onion skin
Index(es):
- Author
- Thread