On Thu, Oct 30, 2014 at 2:22 PM, <bm-2cuqbqhfvdhuy34zcpl3pngkplueeer...@bitmessage.ch> wrote:
> Dear experts,
>
> Want to clarify some things:
>
> 1. The fingerprint of a Tor relay which is advertised in the directory
> data is a SHA1 sum of which key? Since now a relay has a secret onion key
> and a secret key for Ntor.

Neither one; it's a fingerprint of the identity key. (That's the one called "signing-key" in the descriptors.) See section 1.1 of tor-spec.txt for a list of keys.

> 2. The fingerprint (since it's a hash sum of the key) is what strengthens
> encryption between relays or clients and relays, kind of like a CA in SSL?
> That is why the directory authorities sign the list of fingerprints - is
> this correct?

These identity key fingerprints are used to authenticate link encryption, to know you've done a TLS connection to the right node. They're used to sign all the other keys.

> 3. How strong is Ntor compared to TAP? As I can see in latest Tor version
> now clients prefer Ntor by default - are there any plans to deprecate TAP
> in the future?

ntor is probably as strong as curve25519; TAP is probably as strong as dh1024. (So, ntor is probably far far stronger than TAP.)

I'd like to deprecate TAP. Some time in the next 2-8 months, for instance, I'd like to make authorities reject relays that don't support ntor. That should be sufficient to stop clients running 0.2.4 and later from having to use TAP.

> 4. The fingerprint is a SHA1 hash, as described in the papers. Any plans
> to move in the immediate future to a stronger hash algorithm, like SHA256?

I'm working on implementing proposal #220 right now, which migrates relay identities to (unhashed) Ed25519 keys.

[tor-spec.txt] https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/tor-spec.txt
[proposal 220] https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/220-ecc-id-keys.txt
[implementation in progress] https://trac.torproject.org/projects/tor/ticket/12498

--
Nick
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
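
The answer to question 1, as an added example that is not part of the original message or Tor's own code: it recomputes a relay fingerprint from the "signing-key" block of a descriptor and compares it with the advertised "fingerprint" line, showing that the onion key hashes to something else. It relies on tor-spec.txt defining a key hash as SHA-1 over the DER encoding of the PKCS#1 RSA public key; the function names and the sample descriptor (placeholder moduli, not real keys) are constructed for illustration.

```python
import base64
import hashlib
import re

def key_hash(descriptor: str, keyword: str) -> str:
    """Upper-case hex SHA-1 of the DER bytes in the PEM block that follows `keyword`."""
    m = re.search(rf"^{re.escape(keyword)}\n-----BEGIN RSA PUBLIC KEY-----\n(.*?)\n"
                  r"-----END RSA PUBLIC KEY-----$", descriptor, re.S | re.M)
    if m is None:
        raise ValueError(f"no {keyword} block in descriptor")
    der = base64.b64decode("".join(m.group(1).split()), validate=True)
    return hashlib.sha1(der).hexdigest().upper()

def advertised_fingerprint(descriptor: str) -> str:
    """The 'fingerprint' line (ten groups of four hex digits) with spaces removed."""
    m = re.search(r"^fingerprint ((?:[0-9A-Fa-f]{4} ?){10})$", descriptor, re.M)
    if m is None:
        raise ValueError("no fingerprint line in descriptor")
    return m.group(1).replace(" ", "").upper()

def fingerprint_matches(descriptor: str) -> bool:
    """True only if the advertised fingerprint is the hash of the identity key."""
    return key_hash(descriptor, "signing-key") == advertised_fingerprint(descriptor)

def _pem(modulus: bytes) -> str:
    # DER framing of a 1024-bit PKCS#1 RSAPublicKey with e = 65537.
    der = bytes.fromhex("30818902818100") + modulus + bytes.fromhex("0203010001")
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN RSA PUBLIC KEY-----\n{body}\n-----END RSA PUBLIC KEY-----\n"

def make_sample_descriptor() -> str:
    """Constructed input: placeholder moduli (not real keys), only the lines used here."""
    identity, onion = _pem(bytes(range(128, 256))), _pem(bytes(range(255, 127, -1)))
    fp = key_hash("signing-key\n" + identity, "signing-key")
    grouped = " ".join(fp[i:i + 4] for i in range(0, 40, 4))
    return f"fingerprint {grouped}\nonion-key\n{onion}signing-key\n{identity}"

if __name__ == "__main__":
    d = make_sample_descriptor()
    print("identity key hash:", key_hash(d, "signing-key"))
    print("onion key hash:   ", key_hash(d, "onion-key"))
    print("matches advertised fingerprint:", fingerprint_matches(d))
```

A descriptor whose "fingerprint" line does not match the hash of its own "signing-key" should be treated as malformed.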