Jesse V:
> Hey everyone,

Hi Jesse, thanks for brainstorming on this.

> A few days ago, I had a thought about choosing Tor guard nodes from
> within Tails. Since Tails doesn't save its state, Tails users pick up
> new Tor guard nodes at every restart. This compromises the defenses that
> Tor guards have, such as statistically preventing users from rotating to
> compromised Tor entry nodes.

Did you know about the blueprint that intrigeri and anonym wrote about
"persistent Tor state":

https://tails.boum.org/blueprint/persistent_Tor_state/

This should solve your concern whenever there's a persistent storage.

> However, what if Tails prompted the user for a passphrase or a series of
> words that was then used to select the Tor guards? If the user types in
> a string X, then we can seed a PRNG with the hash of X, then use the
> PRNG to select a set of Tor guard nodes. It's probably possible to
> define the guards by communicating with Tor's control port, or you could
> also write them directly into Tor's state file before starting Tor.
>
> For example, if the user types in "correct horse battery staple",
> then we can run this through SHA-256, producing
> 73fe04e5a7a16dbe16492a8773036db1646d87e22337b1c64aae0afab788b626
> This hash then initializes the Mersenne Twister PRNG, which then
> scrambles the list of Tor relays with the Guard flag. The first three
> nodes are then written for Tor to use. I'm sure there's a way to weigh
> the selection by consensus weight in the normal Tor fashion, but this
> should basically work.
>
> I think it's important that a hash is used in order to mask any
> identifiable words that are in the initial seed. It also has the
> advantage of avoiding some of the (potential) problems with certain
> seeds of Mersenne Twister, so I think this is a good idea in general.
>
> What do you guys think? Has this been proposed before?

This looks like what has been considered in the second bullet point of
"Discarded ideas" on this blueprint. Note that if I understand the
blueprint correctly, it has been "discarded" as a good option for the
entropy pool but not for the persistent Tor state.
So, maybe your option would be good as a fallback for when there is no
persistent storage. I also thought that instead of asking for another
passphrase we could use the administration password if any.
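
The passphrase-seeded selection proposed in the quoted message, as an added sketch that is not part of the original thread and is not Tails or Tor code. The relay tuple format, the `select_guards` name, the constructed relay list, and the weighted draw without replacement (a stand-in for "weigh the selection by consensus weight", not Tor's own algorithm) are assumptions.

```python
import hashlib
import random

# Constructed sample relays: (fingerprint, flags, consensus weight).
# Placeholder fingerprints, not taken from any real consensus.
SAMPLE_RELAYS = [
    ("A" * 40, {"Guard", "Fast", "Stable"}, 5000),
    ("B" * 40, {"Guard", "Fast"}, 3000),
    ("C" * 40, {"Fast", "Exit"}, 9000),        # no Guard flag: never eligible
    ("D" * 40, {"Guard", "Stable"}, 2000),
    ("E" * 40, {"Guard"}, 1000),
    ("F" * 40, {"Guard", "Fast"}, 500),
    ("0" * 40, {"Guard"}, 0),                  # zero weight: never eligible
]

def select_guards(passphrase, relays, count=3):
    """Pick `count` guard fingerprints deterministically from a passphrase."""
    # Hash the passphrase so the PRNG seed carries no recognisable words.
    digest = hashlib.sha256(passphrase.encode("utf-8")).digest()
    # random.Random is the Mersenne Twister; seed it with the full 256-bit hash.
    rng = random.Random(int.from_bytes(digest, "big"))

    # Sort candidates so the result does not depend on the order in which
    # relays were listed. The result still depends on the relay set itself:
    # a changed consensus can yield different guards for the same passphrase.
    candidates = sorted(
        (fp, weight) for fp, flags, weight in relays
        if "Guard" in flags and weight > 0
    )

    chosen = []
    while candidates and len(chosen) < count:
        # Weighted draw without replacement, proportional to consensus weight.
        point = rng.randrange(sum(w for _, w in candidates))
        for i, (fp, weight) in enumerate(candidates):
            if point < weight:
                chosen.append(fp)
                del candidates[i]
                break
            point -= weight
    return chosen

if __name__ == "__main__":
    for fp in select_guards("correct horse battery staple", SAMPLE_RELAYS):
        print(fp)
```
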