[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Is it desirable to prevent users from choosing their own circuits?

On Fri, Oct 2, 2009 at 10:50 AM, Brian Mearns <bmearns@xxxxxxxx> wrote:
> On Fri, Oct 2, 2009 at 12:26 PM, Martin Fick <mogulguy@xxxxxxxxx> wrote:
>> --- On Fri, 10/2/09, Brian Mearns <bmearns@xxxxxxxx> wrote:
>>> > Perhaps I don't understand your suggestion, but how
>>> > would a hash translate to a relay address?  The
>>> > maximum possible strength of a hash is related to the
>>> > size of its address space, if this is limited to the
>>> > number of relays available, it would be pretty weak.
>>> > I would imagine that an 8 bit cpu is likely to be
>>> > able to easily run through enough hash input
>>> > combinations to get the address of any tor relay in
>>> > the network, wouldn't they?
>>> >
>>> > -Martin
>> ...
> Thank you very much for the additional feedback. I hadn't really
> considered that this was a criteria of a hashing function, but I guess
> it makes sense: if it's biased when fairly mapped to a smaller domain,
> it would be biased in the full domain as well. For what it's worth, I
> was using SHA-512.

Hello Brian,

I believe that if you would have used a prime number of "buckets" then
your hash result would have been greatly improved with respect to an
even distribution.

> Interestingly, "Applied Cryptography" (by Bruce Schneier) briefly
> discusses a distributed timestamping protocol that uses a hash of the
> content to be stamped in order to select which nodes will provide the
> stamp, the idea being that the requester can't simply choose to use
> nodes he controls in order to forge the timestamp. The details are not
> given, but it is mentioned that the hash is used to seed a PRNG, the
> output of which is used to pick the nodes. I suppose this would suffer
> from the same weakening effects of mapping the output into a smaller
> domain. If there are only 2^N nodes to choose from, an attacker should
> be able to get the one he wants by enumerating through about that many
> different inputs. Of course, if he needs to choose 2 nodes, then I
> guess he would need to enumerate through 2^(2N) input values to be
> almost-guaranteed a hit (or maybe 2^(2N-1), since order doesn't
> matter?) I suppose that's where the security comes from in that case.
> Regards,
> -Brian
> --
> Feel free to contact me using PGP Encryption:
> Key Id: 0x3AA70848
> Available from: http://keys.gnupg.net
> ***********************************************************************
> To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
> unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/

Kasimir Gabert

Kasimir Gabert
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/