[Freedombox-discuss] Freedombox threat model

intrigeri intrigeri+freedombox at boum.org
Sun Jul 17 01:54:01 UTC 2011


Hi,

erik.e.harmon at gmail.com wrote (01 Jul 2011 17:09:38 GMT) :

> Tor could actually solve a lot of problems here, I agree. Another
> thing is, the hidden server address of your server is a hash of your
> routing/crypto key, and so it could partially solve the initial
> contact routing problem.

I very much like the idea of using and providing services hosted on a
FreedomBox reachable through a Tor hidden service, but I'm not sure
this hash would be a strong enough identifier to solve the problem
you're talking of.

Excerpt from address-spec.txt in the torspec Git repository¹:

  SYNTAX:  [digest].onion

  The digest is the first eighty bits of a SHA1 hash of the identity key for
  a hidden service, encoded in base32.

I've been told these 80 bits are not that much; I've been told it is not
that hard to generate a key pair for a Tor hidden service so that it
matches a given arbitrary .onion name; I seem to remember I've even
seen published software (called Shallot IIRC) that renders the whole
process easy and doable on commodity hardware. To be confirmed by
actual testing and/or cryptography knowledge.

If it's confirmed this identifier is not enough, it does not mean at
all that Tor hidden services should be disregarded, but merely that
they do not offer, for free, the added benefit of solving a great part
of the "service name <-> communication public key" verification
problem.

1. git://git.torproject.org/torspec.git

Bye,
--
  intrigeri <intrigeri at boum.org>
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
  | Do not be trapped by the need to achieve anything.
  | This way, you achieve everything.
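
Added example, not part of the message above or of Tor's own code: it derives a `[digest].onion` name as the quoted address-spec.txt excerpt describes and checks a presented key against a name, which shows that the name binds to the key only through 80 bits of SHA1. The function names and the sample key bytes are constructed for illustration, and the exact serialization of the identity key that gets hashed is not stated in the excerpt, so the code takes the already-encoded key bytes as input.

```python
import base64
import hashlib
import hmac
import re

DIGEST_BITS = 80  # "the first eighty bits of a SHA1 hash" per the excerpt
# 80 bits in base32 (5 bits per character) is exactly 16 characters, no padding.
ONION_RE = re.compile(r"^[a-z2-7]{16}\.onion$")

# Constructed placeholder standing in for an encoded identity public key.
SAMPLE_KEY_BYTES = b"constructed-example-identity-key-bytes"


def onion_from_key(encoded_public_key: bytes) -> str:
    """Return the [digest].onion name for the given encoded identity key."""
    digest = hashlib.sha1(encoded_public_key).digest()
    truncated = digest[: DIGEST_BITS // 8]  # keep 10 of SHA1's 20 bytes
    return base64.b32encode(truncated).decode("ascii").lower() + ".onion"


def key_matches_onion(encoded_public_key: bytes, name: str) -> bool:
    """Check that a presented key is consistent with a .onion name.

    A True result only means the 80-bit truncated digests agree; it is the
    whole of the name-to-key binding this address format provides.
    """
    name = name.strip().lower()
    if not ONION_RE.match(name):
        raise ValueError("not a [digest].onion name of 16 base32 characters")
    return hmac.compare_digest(onion_from_key(encoded_public_key), name)


if __name__ == "__main__":
    name = onion_from_key(SAMPLE_KEY_BYTES)
    print("derived name:", name)
    print("same key matches:", key_matches_onion(SAMPLE_KEY_BYTES, name))
    print("other key matches:", key_matches_onion(b"some-other-key", name))
    print("bits binding name to key: %d of %d SHA1 bits"
          % (DIGEST_BITS, hashlib.sha1().digest_size * 8))
```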


