On 22 Jul 2017, at 00:07, David Goulet dgoulet@ev0ke.net wrote:
On 22 Jul (00:02:33), teor wrote:
Hi all,
At the moment, Tor uses SHA1 for the running digests of circuit cell payloads.
Some of the prop224 code seems to use SHA256 for the digests for client to service rendezvous circuits. But that's not in the spec yet (see #22995 at [0]).
That is not accurate. It uses SHA3, notice DIGEST_SHA3_256 in circuit_init_cpath_crypto():
  if (is_hs_v3) {
    digest_len = DIGEST256_LEN;
    cipher_key_len = CIPHER256_KEY_LEN;
    cpath->f_digest = crypto_digest256_new(DIGEST_SHA3_256);
    cpath->b_digest = crypto_digest256_new(DIGEST_SHA3_256);
  }
  ...
Oops, missed the "3".
We still need to think about how we migrate hashes, because all hashes break eventually: https://valerieaurora.org/hash.html
And I am concerned that we might be hard-coding either SHA1 or SHA3-256 in the v3 hidden service protocol.
The following handshakes depend on version information in the HSv3 protocol:
* client to intro,
* service to rend, and
* client to service.
They can't use version information from the consensus.
I've opened a ticket for this:
https://trac.torproject.org/projects/tor/ticket/23010
T
-- Tim Wilson-Brown (teor)
teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
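
Added example, not part of the original message and not Tor's code: a simplified model of a running cell digest whose hash is selected by a version agreed in the handshake, showing that two endpoints that pick different hashes reject every cell. The version numbers, the seed handling and all names are assumptions made for illustration.

```python
import hashlib
import hmac

# Hypothetical mapping from a handshake-negotiated version to a hash.
# The two algorithms are the ones named in the thread; the numbers are assumed.
DIGEST_BY_VERSION = {2: hashlib.sha1, 3: hashlib.sha3_256}
TAG_LEN = 4  # assumption: cells carry a 4-byte truncation of the running digest


class RunningDigest:
    """Running digest over every cell payload seen in one circuit direction."""

    def __init__(self, version, seed):
        if version not in DIGEST_BY_VERSION:
            # Fail closed: never fall back silently to a default hash.
            raise ValueError(f"no digest defined for version {version}")
        self._h = DIGEST_BY_VERSION[version]()
        self._h.update(seed)  # seed stands in for key material both ends share

    def tag(self, payload):
        """Absorb payload and return the tag the sender places in the cell."""
        self._h.update(payload)
        return self._h.copy().digest()[:TAG_LEN]

    def verify(self, payload, tag):
        """Check a received cell; commit the new state only if the tag matches."""
        trial = self._h.copy()
        trial.update(payload)
        if not hmac.compare_digest(trial.digest()[:TAG_LEN], tag):
            return False
        self._h = trial
        return True


def exchange(sender_version, receiver_version, payloads, seed=b"constructed-seed"):
    """Send payloads in one direction; return the per-cell verification results."""
    tx = RunningDigest(sender_version, seed)
    rx = RunningDigest(receiver_version, seed)
    return [rx.verify(p, tx.tag(p)) for p in payloads]


CELLS = [b"cell-1", b"cell-2", b"cell-3"]  # constructed sample payloads
```

Calling exchange(3, 3, CELLS) accepts every cell, while exchange(3, 2, CELLS) rejects every cell, which is why the version that selects the hash has to be fixed by the handshake itself.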