| author | teor (Tim Wilson-Brown) <teor2345@gmail.com> | 2015-11-20 11:57:09 +1100 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2015-11-20 10:38:27 -0500 |
| commit | 01e865d592ffcbb67a0e6631c56e5b8048ea6065 | |
| tree | cb156e66e38eef4db6b349c6f68f2d10b5c3aa83 | /proposals/224-rend-spec-ng.txt |
| parent | 01119bf1291a40aa309dfb7d76edf790133f05b9 | |
| download | torspec-01e865d592ffcbb67a0e6631c56e5b8048ea6065.tar.gz | torspec-01e865d592ffcbb67a0e6631c56e5b8048ea6065.zip |
prop224: use a different salt for each replica and upload
Use a different salt for each descriptor replica and upload,
to avoid matching encrypted blobs, which could be used to
link other replicas of the service.
If descriptors for different replicas cannot be linked, then it
becomes much harder for a malicious HSDir to discover other
replicas and attempt to DoS them.
Diffstat (limited to 'proposals/224-rend-spec-ng.txt')
-rw-r--r-- | proposals/224-rend-spec-ng.txt | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/proposals/224-rend-spec-ng.txt b/proposals/224-rend-spec-ng.txt index 2575136..612ca2c 100644 --- a/proposals/224-rend-spec-ng.txt +++ b/proposals/224-rend-spec-ng.txt @@ -919,7 +919,12 @@ Status: Draft The encrypted part of the hidden service descriptor is encrypted and authenticated with symmetric keys generated as follows: - salt = 16 random bytes + salt = 16 random bytes, different for each post to each replica, + even if the content of the descriptor hasn't changed. + (This avoids leaking service stability, and linking replicas + via encrypted data comparison.) + + [ XX/teor - is the extra load on the HSDirs worth it? ] secret_input = blinded_public_key | subcredential | INT_4(revision_counter) |
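Review bot: the bracketed open question "[ XX/teor - is the extra load on the HSDirs worth it? ]" is left inside the normative text that defines the descriptor's symmetric key derivation; resolve it or move it out of the spec body before this lands. The new wording is also descriptive rather than normative: "different for each post to each replica, even if the content of the descriptor hasn't changed" reads as an observation, so state it as a requirement, for example that the service MUST generate a fresh random salt for every upload to every replica. Finally, the parenthetical says the fresh salt "avoids leaking service stability", but a new salt only changes the encrypted part; if any other descriptor field that an HSDir can see (the revision counter that also feeds secret_input, for instance) stays constant across uploads, an HSDir can still tell the content did not change, so the text should say whether those fields are expected to vary as well.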