[tor-bugs] #24366 [Core Tor/Tor]: compare_vote_rs() could check more fields for better SHA1 collision resistance
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Nov 21 11:24:16 UTC 2017
#24366: compare_vote_rs() could check more fields for better SHA1 collision
resistance
-------------------------------------------------+-------------------------
Reporter: teor | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone: Tor:
| 0.3.3.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: tor-dirauth, possible-consensus- | Actual Points:
failure, needs-proposal? |
Parent ID: | Points: 2
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by teor):
Ah, but hang on, there are some vote items that authorities do disagree
about, like IPv6 ORPorts. So we should take them off the list:
Comparing these is probably necessary, they have 128+ bits of entropy:
* version
* protocols
* exitsummary
* ~~ed25519_id~~
* ~~ipv6_addr~~
Comparing these might not be necessary, they only have a few bits:
* ~~ipv6_orport~~
* ~~measured_bw_kb / bandwidth_kb ?~~
* ~~guardfraction_percentage~~
I'm not sure if comparing these is necessary, they probably don't have
enough bits to lead to a collision:
* ~~flags / is_x (x is a flag name)~~
* supports_x (x is a feature name) ?
* has_guardfraction ?
* ~~has_measured_bw~~
* ~~has_ed25519_listing~~
* ~~has_bandwidth~~
* has_exitsummary
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24366#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list