[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #30768 [Applications/Tor Browser]: Add hashed fingerprints to torrc when configuring bridges



#30768: Add hashed fingerprints to torrc when configuring bridges
--------------------------------------+-------------------------------
 Reporter:  irl                       |          Owner:  tbb-team
     Type:  enhancement               |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:  Sponsor30-can
--------------------------------------+-------------------------------

Comment (by irl):

 As a sponsor got added here, I'll add a comment on priority for this.

 Most users are not going to go looking in their torrc file for bridge
 fingerprints to go and look up bridges on Relay Search. Of the ones that
 do get the fingerprint out, they may try and use other tools like
 torstatus to look up the fingerprint.

 Relay Search will hash the fingerprint before sending any request, so
 bridge lookups in Onionoo are actually double-hashed, but other tools
 might not do this. Leaking a non-hashed fingerprint can leak the location
 of the bridge in some cases.

 So I think this is a low-probability risk, but with higher impact as a
 single user might burn a bridge. There may be other places that users get
 fingerprints from (e.g. BridgeDB/moat) where we should be adding hashed
 fingerprints too.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30768#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs