[tor-bugs] #24366 [Core Tor/Tor]: compare_vote_rs() could check more fields for better SHA1 collision resistance

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Nov 21 11:24:16 UTC 2017


#24366: compare_vote_rs() could check more fields for better SHA1 collision
resistance
-------------------------------------------------+-------------------------
 Reporter:  teor                                 |          Owner:  (none)
     Type:  defect                               |         Status:  new
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  0.3.3.x-final
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-dirauth, possible-consensus-     |  Actual Points:
  failure, needs-proposal?                       |
Parent ID:                                       |         Points:  2
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by teor):

 Ah, but hang on, there are some vote items that authorities do disagree
 about, like IPv6 ORPorts. So we should take them off the list:

 Comparing these is probably necessary, they have 128+ bits of entropy:
 * version
 * protocols
 * exitsummary
 * ~~ed25519_id~~
 * ~~ipv6_addr~~

 Comparing these might not be necessary, they only have a few bits:
 * ~~ipv6_orport~~
 * ~~measured_bw_kb / bandwidth_kb ?~~
 * ~~guardfraction_percentage~~

 I'm not sure if comparing these is necessary, they probably don't have
 enough bits to lead to a collision:
 * ~~flags / is_x (x is a flag name)~~
 * supports_x (x is a feature name) ?
 * has_guardfraction ?
 * ~~has_measured_bw~~
 * ~~has_ed25519_listing~~
 * ~~has_bandwidth~~
 * has_exitsummary

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24366#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

