[tor-dev] prop224: Deprecating SHA1 circuit digests
teor
teor2345 at gmail.com
Sun Jul 23 02:08:25 UTC 2017
> On 22 Jul 2017, at 00:07, David Goulet <dgoulet at ev0ke.net> wrote:
>
> On 22 Jul (00:02:33), teor wrote:
>> Hi all,
>>
>> At the moment, Tor uses SHA1 for the running digests of circuit cell
>> payloads.
>>
>> Some of the prop224 code seems to use SHA256 for the digests for
>> client to service rendezvous circuits. But that's not in the spec yet
>> (see #22995 at [0]).
>
> That is not accurate. It uses SHA3, notice DIGEST_SHA3_256 in
> circuit_init_cpath_crypto():
>
>   if (is_hs_v3) {
>     digest_len = DIGEST256_LEN;
>     cipher_key_len = CIPHER256_KEY_LEN;
>     cpath->f_digest = crypto_digest256_new(DIGEST_SHA3_256);
>     cpath->b_digest = crypto_digest256_new(DIGEST_SHA3_256);
>   } ...

Oops, missed the "3".

We still need to think about how we migrate hashes, because all hashes
break eventually:
https://valerieaurora.org/hash.html

And I am concerned that we might be hard-coding either SHA1 or SHA3-256
in the v3 hidden service protocol.

The following handshakes depend on version information in the HSv3 protocol:
* client to intro,
* service to rend, and
* client to service.

They can't use version information from the consensus.

I've opened a ticket for this:
https://trac.torproject.org/projects/tor/ticket/23010

T

--
Tim Wilson-Brown (teor)
teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
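
The hash-migration concern in this message, as an added example that is not part of the original post and is not Tor's code: a simplified model of a running digest over relay cell payloads, where the hash is selected by a version number that both ends must already agree on. The version table, seed and cell contents are constructed assumptions.

```python
import hashlib
import hmac

PAYLOAD_LEN = 509              # relay cell payload size in bytes
DIGEST_OFF, DIGEST_LEN = 5, 4  # digest field follows command(1) recognized(2) stream id(2)

# Hypothetical version -> hash mapping; these version numbers are assumptions.
DIGEST_BY_VERSION = {1: "sha1", 2: "sha3_256"}

def make_payload(data, command=2, stream_id=1):
    """Build a relay payload with a zeroed digest field (constructed sample)."""
    header = (bytes([command]) + bytes(2) + stream_id.to_bytes(2, "big")
              + bytes(DIGEST_LEN) + len(data).to_bytes(2, "big"))
    return (header + data).ljust(PAYLOAD_LEN, b"\0")

class RunningDigest:
    """One direction of one hop: a hash state that absorbs every cell in order."""
    def __init__(self, version, seed):
        if version not in DIGEST_BY_VERSION:
            raise ValueError(f"unsupported digest version {version}")
        self._h = hashlib.new(DIGEST_BY_VERSION[version], seed)

    def _advance(self, payload):
        if len(payload) != PAYLOAD_LEN:
            raise ValueError("bad payload length")
        end = DIGEST_OFF + DIGEST_LEN
        h = self._h.copy()  # work on a copy so a failed check leaves state intact
        h.update(payload[:DIGEST_OFF] + bytes(DIGEST_LEN) + payload[end:])
        return h, h.digest()[:DIGEST_LEN]

    def seal(self, payload):
        self._h, tag = self._advance(payload)
        return payload[:DIGEST_OFF] + tag + payload[DIGEST_OFF + DIGEST_LEN:]

    def check(self, payload):
        h, tag = self._advance(payload)
        ok = hmac.compare_digest(tag, payload[DIGEST_OFF:DIGEST_OFF + DIGEST_LEN])
        if ok:              # commit the new state only for cells that verify
            self._h = h
        return ok

def demo():
    seed = b"constructed digest seed"
    sender = RunningDigest(2, seed)
    cells = [sender.seal(make_payload(d)) for d in (b"first", b"second")]
    same, old, late = (RunningDigest(v, seed) for v in (2, 1, 2))
    return {"same_version": [same.check(c) for c in cells],
            "version_mismatch": old.check(cells[0]),
            "skipped_cell": late.check(cells[1])}
```

A receiver seeded identically but using the other hash rejects the very first cell, which is why the digest choice has to be fixed by version information both sides share before cells flow.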