
Re: [tor-talk] Questions about crypto used in TAP/Ntor

Dear Nick,

I want to thank you very much for your clear and explicit answer. This is
what a transparent and open-source project is all about. Thanks to people
with your attitude such communities go forward and grow in performance.

Obviously you were incomparably smarter (I don't have to say it, it can be
seen from 1 million miles) than our friend who had a feeling I am from the
NSA :) To be honest, I am just comparing the crypto primitives used in Tor
to the current standards from NIST, etc. I haven't asked anything which I
shouldn't know.

I have read the proposal, sounds way better than what we currently have.
Hope it will be active as soon as possible.

Maybe you get the chance to look into the Hidden Services (I know a
proposal exists there but couldn't find it) so that they will be more
secure, scalable and DoS resistant, including protecting the Hidden Service
Directories.

Again, thank you for your patience and explicit reply.

> On Thu, Oct 30, 2014 at 2:22 PM,
> <BM-2cUqBqHFVDHuY34ZcpL3PNgkpLUEEer8ev@xxxxxxxxxxxxx> wrote:
>> Dear experts,
>>
>> Want to clarify some things:
>>
>> 1. The fingerprint of a Tor relay which is advertised in the directory
>> data is a SHA1 sum of which key? Since now a relay has a secret onion key
>> and a secret key for Ntor.
>
> Neither one; it's a fingerprint of the identity key. (That's the one
> called "signing-key" in the descriptors.)  See section 1.1 of
> tor-spec.txt for a list of keys.
>
>> 2. The fingerprint (since it's a hash sum of the key) is what strengthens
>> encryption between relays or clients and relays, kind of like a CA in
>> SSL?
>> That is why the directory authorities sign the list of fingerprints -
>> is this correct?
>
> These identity key fingerprints are used to authenticate link
> encryption, to know you've done a TLS connection to the right node.
> They're used to sign all the other keys.
>
>> 3. How strong is Ntor compared to TAP? As I can see in latest Tor
>> version now clients prefer Ntor by default - are there any plans to
>> deprecate TAP in the future?
>
> ntor is probably as strong as curve25519; TAP is probably as strong as
> dh1024. (So, ntor is probably far far stronger than TAP.)
>
> I'd like to deprecate TAP.  Some time in the next 2-8 months, for
> instance, I'd like to make authorities reject relays that don't
> support ntor.  That should be sufficient to stop clients running 0.2.4
> and later from having to use TAP.
>
>> 4. The fingerprint is a SHA1 hash, as described in the papers. Any plans
>> to move in the immediate future to a stronger hash algorithm, like
>> SHA256?
>
> I'm working on implementing proposal #220 right now, which migrates
> relay identities to (unhashed) Ed25519 keys.
>
> [tor-spec.txt]
> https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/tor-spec.txt
> [proposal 220]
> https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/220-ecc-id-keys.txt
> [implementation in progress]
> https://trac.torproject.org/projects/tor/ticket/12498
> --
> Nick



-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
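As an added example (not code from this thread or from the Tor project), here is how the fingerprint Nick describes is derived: SHA-1 over the DER encoding of the RSA identity key (the descriptor's signing-key), written as 40 hex digits in groups of four, plus the consistency check a consumer of directory data can run against a descriptor. The toy key is constructed and far too small to be real; the DER helpers and function names are this example's own.

```python
import base64
import hashlib
import re
# Minimal DER helpers, enough to build the PKCS#1 RSAPublicKey that Tor hashes.
def der_length(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    enc = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(enc)]) + enc

def der_integer(value: int) -> bytes:
    """DER INTEGER; a leading 0x00 keeps a high-bit value from reading as negative."""
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + der_length(len(body)) + body

def rsa_public_key_der(n: int, e: int) -> bytes:
    """RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }"""
    body = der_integer(n) + der_integer(e)
    return b"\x30" + der_length(len(body)) + body

def pem_from_der(der: bytes) -> str:
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN RSA PUBLIC KEY-----\n{body}\n-----END RSA PUBLIC KEY-----\n"

def pem_to_der(pem: str) -> bytes:
    m = re.search(r"-----BEGIN RSA PUBLIC KEY-----(.*?)-----END RSA PUBLIC KEY-----", pem, re.S)
    if not m:
        raise ValueError("not a PKCS#1 'RSA PUBLIC KEY' PEM block")
    return base64.b64decode("".join(m.group(1).split()))

def fingerprint(der: bytes) -> str:
    """Relay fingerprint: SHA-1 over the DER identity key, as 40 upper-case hex digits."""
    return hashlib.sha1(der).hexdigest().upper()

def descriptor_fingerprint_line(fp: str) -> str:
    """The descriptor's 'fingerprint' line writes the hex in groups of four."""
    return "fingerprint " + " ".join(fp[i:i + 4] for i in range(0, len(fp), 4))

def verify_descriptor_fingerprint(signing_key_pem: str, fingerprint_line: str) -> bool:
    """Recompute the fingerprint from the descriptor's own signing-key and compare
    it with the claimed line; a mismatch means the descriptor is inconsistent."""
    claimed = fingerprint_line.split(None, 1)[1].replace(" ", "").upper()
    return claimed == fingerprint(pem_to_der(signing_key_pem))

# Constructed toy key (n = 61 * 53, e = 17): NOT a real 1024-bit Tor identity key.
SAMPLE_DER = rsa_public_key_der(3233, 17)
SAMPLE_PEM = pem_from_der(SAMPLE_DER)
```

This covers only the RSA identity; under proposal 220 the identity becomes an unhashed Ed25519 key, so no such digest step applies there.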