[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #21615 [Metrics/Atlas]: Use hashed fingerprint in all lookups

Subject: Re: [tor-bugs] #21615 [Metrics/Atlas]: Use hashed fingerprint in all lookups
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Fri, 03 Mar 2017 16:41:25 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 03 Mar 2017 11:41:33 -0500
In-reply-to: <051.feb436485bd4505b60c48bbdb09eca56@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <051.feb436485bd4505b60c48bbdb09eca56@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#21615: Use hashed fingerprint in all lookups
---------------------------+-----------------------------------
 Reporter:  cypherpunks    |          Owner:  irl
     Type:  enhancement    |         Status:  needs_information
 Priority:  Medium         |      Milestone:
Component:  Metrics/Atlas  |        Version:
 Severity:  Normal         |     Resolution:
 Keywords:                 |  Actual Points:
Parent ID:                 |         Points:
 Reviewer:                 |        Sponsor:
---------------------------+-----------------------------------

Comment (by karsten):

 I'm still not sure I understand the problem you're trying to solve.
 Whatever Onionoo tells you in a response you can safely include in a
 subsequent request without hashing.  It's the part about hashing user
 input that should be hashed before sending it to Onionoo, because you
 cannot be sure that the user did not tell you `B`.  But of course, if you
 want, you can hash everything you get from Onionoo.  It doesn't help but
 it also doesn't hurt.  But I may be overlooking the real issue here.
 Sorry that this is so confusing, but if it's any relief, it's confusing
 me, too. ;)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21615#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #21615 [Metrics/Atlas]: Use hashed fingerprint in all lookups
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #21289 [Applications/Tor Browser]: Orfox needs global NoScript Anywhere++ HTTPS whitelisting
Next by Author: Re: [tor-bugs] #21396 [Applications/Tor Browser]: Torbutton breaks Session Manager addon
Previous by thread: Re: [tor-bugs] #21615 [Metrics/Atlas]: Use hashed fingerprint in all lookups
Next by thread: Re: [tor-bugs] #21615 [Metrics/Atlas]: Use hashed fingerprint in all lookups
Index(es):
- Author
- Thread