Stretch-Hash-and-Truncate, the next step in DNS privacy

dnscrypt-proxy 2.0.22 has just been released, fixing a caching bug that was introduced in version

But probably more interesting is a new technology that is likely to be part of the next major release: Stretch-Hash-and-Truncate.

Stretch-Hash-and-Truncate (SH&T) is a novel technique to drastically increase DNS privacy. It can work over DNS-over-HTTPS, but requires a specifically configured server.

A preliminary implementation has been merged to the development tree for testing: Add Stretch-Hash-and-Truncate option for extreme DNS privacy · DNSCrypt/dnscrypt-proxy@2d1dd7e · GitHub

Hoping to see Cloudflare deploy this technology on their servers soon.

Is there some wider context to this feature, outside of that commit? A spec?

This seems very interesting but I think that I don’t altogether understand what it is.

If you only send a digest of the query, from stub->recursor, what then?

If the recursor has seen the digest before, it can provide an answer.

If it hasn’t … then it has no way of recovering the plaintext query. What am I missing? :frowning:

The date it was posted :slight_smile:

:blush: - actually committing it was a nice touch!