Stretch-Hash-and-Truncate, the next step in DNS privacy

#1

dnscrypt-proxy 2.0.22 has just been released, fixing a caching bug that was introduced in version 2.0.21.

But probably more interesting is a new technology that is likely to be part of the next major release: Stretch-Hash-and-Truncate.

Stretch-Hash-and-Truncate (SH&T) is a novel technique to drastically increase DNS privacy. It can work over DNS-over-HTTPS, but requires a specifically configured server.

A preliminary implementation has been merged to the development tree for testing: https://github.com/jedisct1/dnscrypt-proxy/commit/2d1dd7eaabc93d6d8669d3eaa05a759417e0c56b

Hoping to see Cloudflare deploy this technology on their servers soon.

#2

Is there some wider context to this feature, outside of that commit? A spec?

This seems very interesting but I think that I don’t altogether understand what it is.

If you only send a digest of the query, from stub->recursor, what then?

If the recursor has seen the digest before, it can provide an answer.

If it hasn’t … then it has no way of recovering the plaintext query. What am I missing? :frowning:

#3

The date it was posted :slight_smile:

#4

:blush: - actually committing it was a nice touch!