[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Choosing a name for a .onon

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Choosing a name for a .onon
From: Maxim Kammerer <mk@xxxxxx>
Date: Fri, 30 Mar 2012 04:52:40 +0300
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 29 Mar 2012 21:53:15 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dee.su; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type:content-transfer-encoding; bh=3ZOpqIeUFNRyiboi+NT7x7J5FTg1cXXDRVM8K+CpcHw=; b=E4S6uSdZpJDxI++YmiOWkMgHCP3/CyOyXfgVC1GuDSmZQaMoD4/hlaBISQweo5VobE KB1mv2cuzqNBNFcVqdV8Xwrrs+XXeRlAch87BY//vtXf8Tw6L3Mfr+4H2l8dopouxiK5 EYioWT7Wq2Z//DKVhyXpLpSoj15jICiWyOqhY=
In-reply-to: <4f74f67e.86b8320a.1076.3ff6SMTPIN_ADDED@xxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <CACbaT3aNMwz+WdcgpE11fR=pAF64EhE+ZY7sOT+Uyn7N1Ru_Eg@xxxxxxxxxxxxxx> <4f74f67e.86b8320a.1076.3ff6SMTPIN_ADDED@xxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

On Fri, Mar 30, 2012 at 01:54, Seth David Schoen <schoen@xxxxxxx> wrote:
> Choosing the first 40 bits of a hash generally requires trying an average of 2ââ
> possibilities; my laptop does about 3-4 million SHA1 operations per second
> (per CPU core) so it would take me 3-4 days (per CPU core) of computation
> to try that many possibilities on my laptop.

Due to proliferation of Bitcoin, there are now very efficient SHA-256
generators for off-the-shelf GPUs. The numbers at [1] suggest
performance that's at least two orders of magnitude faster than your
laptop â and for double-SHA-256 instead of a single SHA-1 (which I
assume can be done by the same software after some simple adaptation).

[1] https://en.bitcoin.it/wiki/Mining_hardware_comparison

> Of course this requires being able to change something trivial about the
> public key when generating the .onion address.

Not necessarily â you can generate the hash first, and then check
whether the public key is legal. I.e., generate a 512-bit prime p, and
then go on with producing a completely random 512-bit e, and checking
whether SHA-1(ASN.1-RSAPublicKey(modulus=p*e, exponent=65537)) (which
is how Tor computes the .onion address) produces the desired result.
If it does, check whether e is prime. Density of primes in the range
of e is ~1/512, so that's just 9 bits more of search space, and
primality checking efficiency doesn't matter much.

-- 
Maxim Kammerer
LibertÃ Linux (discussion / support: http://dee.su/liberte-contribute)
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Choosing a name for a .onon
  - From: Robert Ransom

References:
- [tor-talk] Choosing a name for a .onon
  - From: Adrian Crenshaw

Prev by Author: Re: [tor-talk] Designing a secure "Tor box" for safe web browsing?
Next by Author: Re: [tor-talk] Choosing a name for a .onon
Previous by thread: Re: [tor-talk] Choosing a name for a .onon
Next by thread: Re: [tor-talk] Choosing a name for a .onon
Index(es):
- Author
- Thread