On Fri, Oct 2, 2009 at 10:50 AM, Brian Mearns <[email protected]> wrote: > On Fri, Oct 2, 2009 at 12:26 PM, Martin Fick <[email protected]> wrote: >> --- On Fri, 10/2/09, Brian Mearns <[email protected]> wrote: >> >>> > Perhaps I don't understand your suggestion, but how >>> > would a hash translate to a relay address? The >>> > maximum possible strength of a hash is related to the >>> > size of its address space, if this is limited to the >>> > number of relays available, it would be pretty weak. >>> > I would imagine that an 8 bit cpu is likely to be >>> > able to easily run through enough hash input >>> > combinations to get the address of any tor relay in >>> > the network, wouldn't they? >>> > >>> > -Martin >> ... >> > > Thank you very much for the additional feedback. I hadn't really > considered that this was a criteria of a hashing function, but I guess > it makes sense: if it's biased when fairly mapped to a smaller domain, > it would be biased in the full domain as well. For what it's worth, I > was using SHA-512.
Hello Brian, I believe that if you would have used a prime number of "buckets" then your hash result would have been greatly improved with respect to an even distribution. > > Interestingly, "Applied Cryptography" (by Bruce Schneier) briefly > discusses a distributed timestamping protocol that uses a hash of the > content to be stamped in order to select which nodes will provide the > stamp, the idea being that the requester can't simply choose to use > nodes he controls in order to forge the timestamp. The details are not > given, but it is mentioned that the hash is used to seed a PRNG, the > output of which is used to pick the nodes. I suppose this would suffer > from the same weakening effects of mapping the output into a smaller > domain. If there are only 2^N nodes to choose from, an attacker should > be able to get the one he wants by enumerating through about that many > different inputs. Of course, if he needs to choose 2 nodes, then I > guess he would need to enumerate through 2^(2N) input values to be > almost-guaranteed a hit (or maybe 2^(2N-1), since order doesn't > matter?) I suppose that's where the security comes from in that case. > > Regards, > -Brian > > -- > Feel free to contact me using PGP Encryption: > Key Id: 0x3AA70848 > Available from: http://keys.gnupg.net > *********************************************************************** > To unsubscribe, send an e-mail to [email protected] with > unsubscribe or-talk in the body. http://archives.seul.org/or/talk/ > Kasimir Gabert -- Kasimir Gabert *********************************************************************** To unsubscribe, send an e-mail to [email protected] with unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
