Tails

#1 Updated by intrigeri 2015-04-08 20:28:23

To start with, I totally agree that a magnet link would be a total UX win. So I’m very happy that this is being considered!

> Also note that in Feature #8832 we discussed the fact that providing signature of the torrent file itself has little security implication.

My understanding is rather that Feature #8832 was about shipping the signature among the files downloaded by the BitTorrent software, not about the detached signature of the Torrent file itself.

> So providing a magnet link would have the same security properties as a torrent without OpenPGP signature.

May you please clarify what you mean with “a torrent without OpenPGP signature”? Is that a Torrent that downloads just the ISO (as discussed on Feature #8832), or anything else?

Also, I easily admit that I have basically no clue about magnet links, at some point more information would help evaluating the security of the proposal:

• do magnet links encode a HTTP URL somehow?
• do magnet links encode hashes of the resources — equivalent of a .torrent file — that the BitTorrent client will download, in order to know how to download the actual files the user wants? if yes, do BitTorrent clients verify such hashes?

Cheers!

#2 Updated by Dr_Whax 2018-08-30 15:18:01

intrigeri wrote:
> To start with, I totally agree that a magnet link would be a total UX win. So I’m very happy that this is being considered!
>
> > Also note that in Feature #8832 we discussed the fact that providing signature of the torrent file itself has little security implication.
>
> My understanding is rather that Feature #8832 was about shipping the signature among the files downloaded by the BitTorrent software, not about the detached signature of the Torrent file itself.
>
> > So providing a magnet link would have the same security properties as a torrent without OpenPGP signature.
>
> May you please clarify what you mean with “a torrent without OpenPGP signature”? Is that a Torrent that downloads just the ISO (as discussed on Feature #8832), or anything else?
>
> Also, I easily admit that I have basically no clue about magnet links, at some point more information would help evaluating the security of the proposal:
>
> * do magnet links encode a HTTP URL somehow?

I quote: https://en.wikipedia.org/wiki/Magnet_URI_scheme

> Magnet URIs consist of a series of one or more parameters, the order of which is not significant, formatted in the same way as query strings that ordinarily terminate HTTP URLs. The most common parameter is “xt” (“exact topic”), which is generally a URN formed from the content hash of a particular file.

> * do magnet links encode hashes of the resources — equivalent of a .torrent file — that the BitTorrent client will download, in order to know how to download the actual files the user wants? if yes, do BitTorrent clients verify such hashes?

Yes, magnet links encode a sha1 hex encoded hash.

> These are hex-encoded SHA-1 hash sums of the “info” sections of BitTorrent metafiles as used by BitTorrent to identify downloadable files or sets of files. For backwards compatibility with existing links, clients should also support the Base32 encoded version of the hash.

The format is:

<code class="c"> xt=urn:btih:[ BitTorrent Info Hash (Hex) ]
</code>

Then the bittorrent clients verify these hashes to say, OK, this magnet is not corrupt and we can find the stuff in either the tracker or the “swarm”