[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Choosing a name for a .onon

To: tor-talk <tor-talk@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: [tor-talk] Choosing a name for a .onon
From: Asheesh Laroia <asheesh@xxxxxxxxxxx>
Date: Fri, 30 Mar 2012 00:44:08 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 30 Mar 2012 00:50:22 -0400
In-reply-to: <CABqy+sqnW61HQmT-dJc3J-wcGYKxB=YWV1QiqpD1GgxNYyT3aw@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <CACbaT3aNMwz+WdcgpE11fR=pAF64EhE+ZY7sOT+Uyn7N1Ru_Eg@xxxxxxxxxxxxxx> <4f74f9ff.ee21320a.4b8f.4a36SMTPIN_ADDED@xxxxxxxxxxxxx> <CABqy+sqnW61HQmT-dJc3J-wcGYKxB=YWV1QiqpD1GgxNYyT3aw@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Sup/0.11

Excerpts from Robert Ransom's message of Thu Mar 29 23:28:39 -0400 2012:
> On 2012-03-29, Seth David Schoen <schoen@xxxxxxx> wrote:
> 
> > There's a nice description of the possibility of creating a public key
> > with a chosen set of bits at the beginning or end at
> >
> > http://www.asheesh.org/note/debian/short-key-ids-are-bad-news.html
> >
> > although note that the Tor hidden service identifiers are 80 bits, while
> > PGP short key IDs are only 32 bits, so it's 2ââ times as hard to fake a
> > hidden service as it is to make a colliding PGP short key ID.  (Full PGP
> > fingerprints are 160 bits.)
> 
> In the old-style (PGP 2.x) key ID format, a portion of the public RSA
> modulus was directly used as the key ID.  The most
> difficult-to-implement algorithm that you could possibly want to use
> to attack that involves a lattice computation, and succeeds far faster
> than brute-force.
> 
> New-style (OpenPGP) key IDs are hashes of the public key; the only
> attack that can produce a desired key ID is brute-force search.
> (That's not hard though -- for RSA, generate a keypair in the usual
> manner, then change the public exponent (as Shallot does); for DSA or
> ElGamal, generate a keypair and then search for powers of the group
> generator and of the public key which lead to the desired hash.  Both
> attacks allow the brute-force search to be performed on computers
> which cannot be trusted to know the private key.)
> 
> So yes, short PGP key IDs are very bad news.  Avoid them if you can
> (but I doubt that you can).

Hi Robert,

As the author of that asheesh.org note, I suggest you read it carefully.
(-:

In particular, pay attention to how key timestamps are used in OpenPGP!
It's interesting and was surprising to me at first, too.

-- Asheesh.
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Choosing a name for a .onon
  - From: Robert Ransom

References:
- [tor-talk] Choosing a name for a .onon
  - From: Adrian Crenshaw
- Re: [tor-talk] Choosing a name for a .onon
  - From: Robert Ransom

Prev by Author: [tor-talk] Tor on Incredible S
Next by Author: Re: [tor-talk] How can the video play in TBB without plagins?
Previous by thread: Re: [tor-talk] Choosing a name for a .onon
Next by thread: Re: [tor-talk] Choosing a name for a .onon
Index(es):
- Author
- Thread