[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #18191 [Core Tor/Tor]: .onion name collision

Subject: Re: [tor-bugs] #18191 [Core Tor/Tor]: .onion name collision
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 06 Oct 2016 06:15:20 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 06 Oct 2016 02:15:30 -0400
In-reply-to: <051.563c01ef87c221f16d568a8b37f59f68@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <051.563c01ef87c221f16d568a8b37f59f68@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#18191: .onion name collision
--------------------------+-------------------------
 Reporter:  cypherpunks   |          Owner:
     Type:  defect        |         Status:  closed
 Priority:  Very High     |      Milestone:
Component:  Core Tor/Tor  |        Version:
 Severity:  Critical      |     Resolution:  invalid
 Keywords:                |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+-------------------------
Changes (by cypherpunks):

 * status:  reopened => closed
 * resolution:   => invalid


Comment:

 cypherpunks, you misunderstand the difference between a preimage and
 collision attack. A preimage attack involves creating input which hashes
 to the same output as a target, such as trying to generate your own HS key
 that is valid for facebookcorewwwi.onion. A collision attack involves
 starting from scratch and creating two inputs which hash to the same
 output, but an output you cannot control. You don't get to choose which
 two private keys will collide, so you can't "target" an existing address.
 Tor HSes provide 80 bits of preimage resistance and 40 bits of collision
 resistance. All proper n-sized cryptographic hash functions provide n bits
 of preimage resistance, and n/2 bits of collision resistance.

 It's still a good idea to increase the size of HS addresses (as prop224
 will do) because 80 bits of preimage resistance, while not bad, is not
 something that should be relied upon when faced with a billion dollar
 budget.

 You shouldn't re-open a closed ticket just because you don't understand
 the reasons behind it closing. Explain why it should not be closed (in
 this case, it should be) before re-opening it right away.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18191#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #7349 [Core Tor/Tor]: Obfsbridges should be able to "disable" their ORPort
Next by Author: Re: [tor-bugs] #13893 [Applications/Tor Browser]: Torbrowser crashes on start when using MS EMET 5.x
Previous by thread: Re: [tor-bugs] #20299 [Applications/Tor Browser]: Tried to update now tor wont start
Next by thread: [tor-bugs] #20300 [- Select a component]: Unable to launch Tor browser
Index(es):
- Author
- Thread