[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Proposal 222: Stop sending client timestamps

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Proposal 222: Stop sending client timestamps
From: Nick Mathewson <nickm@xxxxxxxxxxxx>
Date: Thu, 22 Aug 2013 12:45:36 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 22 Aug 2013 12:45:51 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:content-type; bh=0ZBK7eW/R8ErqD+IFFh9wjpa+MRbD+3vsZN7ovW9Grg=; b=mv35qbWuNruDAagwX97En1MZlh+vodibp2jrdiDuGmHSIAVfkIIcT1Cyw11rwnthUU ++Gb2NDedcBu9IOAup4mmcScZXaSbz3Mfy3XmMS3Xbz5SoJhZmdCd2xEEcAbXOtMi1/s 7qirGlk55M8nS/NL/SSc1XQtyTWwaOUeZ+ShiT0Dp150gZsEF0pKE2LnVgFwWqW2hCst Z0T09wsJxWaaFoL57oejS9Hn/l71ws2xbQve+uRGR40crLe5aGTjj8XjKdOcMV5nE+3R AHhkpxGEVw0mDcahswLTWoZj7zwL/A6tuHLBOjMa7y7DFau/sBjzCIfYlxwy8lvuBZLr mvqg==
In-reply-to: <87r4dlvg75.fsf@xxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <CAKDKvuzkxsew2CiYtRxSkvZB=iyOE4Pnc78qq7FTqK-=PAf=0g@xxxxxxxxxxxxxx> <87r4dlvg75.fsf@xxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

On Thu, Aug 22, 2013 at 12:33 PM, George Kadianakis
<desnacked@xxxxxxxxxx> wrote:
 [...]
>> 2.2. AUTHENTICATE (server)
>>
>>    The AUTHENTICATE cell is not ordinarily sent by clients. It
>>    contains an 8-byte timestamp and a 16-byte random value.
>>    Instead, let's replace both with a 24-byte (truncated) HMAC of
>>    the current time, using a random key.
>>
>>    This will achieve the goal of including a timestamp in the
>>    cell (preventing replays even in the presence of bad entropy),
>>    while at the same time not including the time here.
>>
>
> Hey Nick,
>
> how does the client verify the contents of the AUTHENTICATE cell
> (including the timestamp), if the timestamp is encrypted with a random
> key?

Two points and a real answer.  The two points first:

* The authenticate cell is sent from a server initiator to a server
responder.  Clients never get them, and never verify them.

* HMAC isn't encryption. :)

The real answer:

* The contents of the timestamp are never actually checked; the
protocol only includes a timestamp there in a voodoo-like imitation of
the ClientRandom field.  The requirement is that there be _something_
in this position, and that the entire AUTHENTICATE cell be correctly
signed.

-- 
Nick
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

References:
- [tor-dev] Proposal 222: Stop sending client timestamps
  - From: Nick Mathewson
- Re: [tor-dev] Proposal 222: Stop sending client timestamps
  - From: George Kadianakis

Prev by Author: [tor-dev] Proposal 222: Stop sending client timestamps
Next by Author: Re: [tor-dev] HSDir hash ring modification
Previous by thread: Re: [tor-dev] Proposal 222: Stop sending client timestamps
Next by thread: Re: [tor-dev] Proposal 222: Stop sending client timestamps
Index(es):
- Author
- Thread