Re: [tor-dev] Questions about "Tor Messenger CONIKS integration"

2016-04-20 Thread Go
Hi, For the first question: I understand that the private indices obfuscate the usernames. But when computing an index i for a username u, the CONIKS server will see u in plaintext rather than hashed or encrypted results of u (correct me if I'm wrong). In this case, a CONIKS server controlled by

Re: [tor-dev] Quantum-safe Hybrid handshake for Tor

2016-04-20 Thread Yawning Angel
On Wed, 20 Apr 2016 18:30:14 + (UTC) lukep wrote: > Beware that the definition of newhope has changed! The authors have > published a new version of this paper and some of the numbers are > different. The parameter for the binomial distribution has changed > from 12 to 16,

Re: [tor-dev] Questions about "Tor Messenger CONIKS integration"

2016-04-20 Thread Marcela S. Melara
Hi, I think Ismail was trying to answer your first question when he described the private indices in the CONIKS key directories. What these private indices do, in other words, is obfuscate the usernames in the directory, so an attacker who breaks into the server cannot see the usernames

Re: [tor-dev] Quantum-safe Hybrid handshake for Tor

2016-04-20 Thread lukep
Yawning Angel writes: > > On Sat, 2 Apr 2016 18:48:24 -0400 > Jesse V wrote: > > Again, I have very little understanding of post-quantum crypto and I'm > > just starting to understand ECC, but after looking over > >

Re: [tor-dev] Questions about "Tor Messenger CONIKS integration"

2016-04-20 Thread Go
Hi, Thanks for you quick reply. I still have few questions: 1. If one CONIKS server has been compromised, and I happen to register to this server; I guess the server can see my username in this case, right? 2. I found the ticket https://trac.torproject.org/projects/tor/ticket/17961. The answer

Re: [tor-dev] Latest state of the guard algorithm proposal (prop259) (April 2016)

2016-04-20 Thread Fan Jiang
Hi, > Hello Fan and team, > > I think I'm not a big fan of the pending_guard and pending_dir_guard > concept. To me it seems like a quick hack that tries to address fundamental > issues with our algorithm that appeared when we tried to adapt the > proposal to > the tor codebase. > > Yeah agree,