[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #10882 [Globe]: New server-side Globe should attempt to run full fingerprints through SHA-1 on client side if possible



#10882: New server-side Globe should attempt to run full fingerprints through SHA-1
on client side if possible
-----------------------------+------------------
     Reporter:  karsten      |      Owner:  rndm
         Type:  enhancement  |     Status:  new
     Priority:  normal       |  Milestone:
    Component:  Globe        |    Version:
   Resolution:               |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+------------------

Comment (by rndm):

 Replying to [comment:2 karsten]:
 > In fact, the JavaScript version of Globe browser could perform the same
 check as Globe server when receiving a response.  It could teach users not
 to put in their original fingerprint, because who knows, maybe next time
 they're searching using a non-JavaScript browser.  Also, they might wonder
 why the displayed fingerprint is different from what they typed in.

 The current implementation does the fingerprint check + hash and replaces
 the search input value and form action path (to redirect the form data to
 the search2 route). After that it triggers the form submit and the browser
 requests a result using the updated data.

 The problem is that I can't store the old "unhashed" fingerprint over a
 page load.
 I could solve this by moving rendering of search results to the client (if
 JS is enabled).

 Another way would be to tell the server to display a note that it used a
 hashed fingerprint and link to the "how do I search for my bridge" page.
 This note appears every time someone uses a 40char hex query.

 What do you think would be the better way? If you got any suggestions on
 how to solve this differently please tell me.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10882#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs