[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #5543 [Tor Directory Authority]: BridgePassword would be insecure if anybody used it



#5543: BridgePassword would be insecure if anybody used it
-------------------------------------+--------------------------------------
 Reporter:  nickm                    |          Owner:                    
     Type:  defect                   |         Status:  needs_revision    
 Priority:  major                    |      Milestone:  Tor: 0.2.2.x-final
Component:  Tor Directory Authority  |        Version:                    
 Keywords:                           |         Parent:                    
   Points:                           |   Actualpoints:                    
-------------------------------------+--------------------------------------
Changes (by rransom):

  * status:  needs_review => needs_revision


Comment:

 Replying to [comment:1 nickm]:
 > Please review branch "bridgepassword" on 0.2.2.x in my public
 repository.

 `base64_encode` is probably not protected against side-channel leaks.  I
 don't know whether that's a problem; leaks there can only be exploited by
 observing the bridge authority while someone who knows BridgePassword
 fetches the consensus from it.

 If `alloc_http_authenticator` fails, `BridgePassword_AuthDigest` is
 silently not set.  That would be a royal PITA to debug if it could ever
 happen.

 Storing BridgePassword as a digest isn't what prevents timing attacks,
 it's what allows you to use a timing-attack-resistant comparison function
 with it.  (That's quite a subtle distinction, but still important enough
 to justify correcting the comment.)

 Other than that, looks good.


 > For fun, you can also see branch "di_strcmp" in my public repository:
 that's how you do a one-sided-data-independent strcmp, I think.  But the
 approach in "bridgepassword" is more solid, I think.

 `di_strcmp` is broken: it uses secret information (the length of `target`)
 to determine what memory location (`ba`) to read from.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5543#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs