Communication security

To let cables communication users (including Liberté Linux users) communicate with each other stealthily, each user is assigned a persistent e-mail address that looks as follows:

  gb24hw2hpihnj2eftkuz42fvp3l3nzoc @ 5rfvhdhbw7z4dcw6.onion
  gb24hw2hpihnj2eftkuz42fvp3l3nzoc @ ukeu3k5oycgabuneqgtnvselmt4yemvoilkln7jqvamvfx7ddkdq.b32.i2p

The user part of the address is a 32-character Base32 representation of the user's master certificate fingerprint (the 160-bit SHA-1 cryptographic hash of a self-signed CA certificate encompassing an RSA-8192 public key).

The host part is the transport layer-dependent permanent hidden service ID. For Tor, which is the primary transport layer supported by cables communication, it is a 16-character Base32 representation of half of Tor's hidden service RSA-1024 public key fingerprint (an 80-bit part of the SHA-1 cryptographic hash), with an .onion domain suffix. For I2P, it is a 52-character Base32 encoding of the eepSite's ElGamal-2048 public key SHA-256 fingerprint, with a .b32.i2p suffix.
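The address layout described above can be checked mechanically. The following parser is an added example, not code from the cables communication project; it assumes the fingerprint is SHA-1 over the DER-encoded certificate, and all function names are hypothetical.

```python
import base64
import hashlib
import re

# (suffix, Base32 length of the service ID, transport), as described on this page
TRANSPORTS = ((".onion", 16, "tor"), (".b32.i2p", 52, "i2p"))
B32 = re.compile(r"[a-z2-7]+")


def b32_to_bytes(text):
    """Decode unpadded lowercase Base32, restoring the '=' padding first."""
    return base64.b32decode(text.upper() + "=" * (-len(text) % 8))


def username_from_cert(cert_der):
    """User part: Base32 of the SHA-1 fingerprint (assumption: hashed over DER bytes)."""
    return base64.b32encode(hashlib.sha1(cert_der).digest()).decode().lower()


def parse_address(address):
    """Return (fingerprint bytes, transport, service ID bytes) or raise ValueError."""
    user, sep, host = address.partition("@")
    user, host = user.strip(), host.strip().lower()  # the page prints "user @ host"
    if not sep or len(user) != 32 or not B32.fullmatch(user):
        raise ValueError("user part must be 32 lowercase Base32 characters")
    for suffix, length, transport in TRANSPORTS:
        service_id = host[: -len(suffix)]
        if host.endswith(suffix) and len(service_id) == length and B32.fullmatch(service_id):
            return b32_to_bytes(user), transport, b32_to_bytes(service_id)
    raise ValueError("host part is neither a 16-char .onion nor a 52-char .b32.i2p ID")


def matches_certificate(address, cert_der):
    """True when the address's user part is the fingerprint of cert_der."""
    return parse_address(address)[0] == hashlib.sha1(cert_der).digest()


if __name__ == "__main__":
    # The two sample addresses shown on this page
    for sample in (
        "gb24hw2hpihnj2eftkuz42fvp3l3nzoc @ 5rfvhdhbw7z4dcw6.onion",
        "gb24hw2hpihnj2eftkuz42fvp3l3nzoc @ "
        "ukeu3k5oycgabuneqgtnvselmt4yemvoilkln7jqvamvfx7ddkdq.b32.i2p",
    ):
        fingerprint, transport, service_id = parse_address(sample)
        print(transport, len(fingerprint) * 8, "bit user ID,",
              len(service_id) * 8, "bit service ID")
```

Decoding makes the widths visible: the user part always carries 160 bits, while the host part carries 80 bits for Tor and 256 bits for I2P.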

In this way, message security (inability of the attacker to reveal the message contents) is independent of the transport layer security (inability of the attacker to reveal the contents of network traffic and the location of correspondents). This is important because, at present, Tor appears to disallow “too much” security by design:

  • RSA-1024 is universally used as a public key cipher (identity, onion, connection, and private keys, and likely for SSLv3 connections as well; although long-term directory authority identity keys are RSA-3072). This RSA key size is likely inadequate against a resourceful adversary such as the NSA/CSS. RSA-1024 provides only ~80 bits of security (see NIST SP 800-57 Part 1, §5.6.1).
  • AES-128 is used as a stream cipher, although this key size is not allowed for highly sensitive data protection in the U.S. government (see CNSS Policy №15 FS №1).
  • The 80 most significant bits (MSB) of a SHA-1 hash are used as the hidden service ID, offering at most 80 bits of security against hidden service impersonation. The security might be weaker than even that, since an MSB section of a cryptographic hash does not automatically inherit the second-preimage attack resistance properties of the original hash.

It therefore wouldn't be wise to rely exclusively on the transport layer security of Tor (or of any other OR-like network, for that matter) for privacy of highly sensitive communication. The Tor and I2P networks are nevertheless useful as location obfuscation mechanisms.


Page last modified on 28-May-2012 06:23 MSD