[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor 0.2.7.6 is released

>> Tor version 0.2.7.6 fixes a major bug in entry guard selection,
> 
>>     - Actually look at the Guard flag when selecting a new directory
>>       guard. When we implemented the directory guard design, we
>>       accidentally started treating all relays as if they have the Guard
>>       flag during guard selection, leading to weaker anonymity and worse
>>       performance. Fixes bug 17772; bugfix on 0.2.4.8-alpha. Discovered
>>       by Mohsen Imani.
> 
> Is this bug found also in 0.2.6.10, or only in 0.2.7.5?

the changelog says "bugfix on 0.2.4.8-alpha" which means all tor
releases since 0.2.4.8-alpha  and released before 2015-12-10 are affected.

The trac entry is tagged with: 024-backport 025-backport 026-backport

As you can see on gitweb.torproject.org Nick is preparing some more releases
https://gitweb.torproject.org/tor.git/log/?h=maint-0.2.4
https://gitweb.torproject.org/tor.git/log/?h=maint-0.2.5
https://gitweb.torproject.org/tor.git/log/?h=maint-0.2.6

but most ordinary users will probably (and should) just use torbrowser
and the tor version that comes with it (so we might see an update there
soon?)

> What does "weaker anonymity" mean exactly? How big is the risk? Can this 
> bug lead to deanonymization?


https://blog.torproject.org/blog/tor-0276-released wrote:
> For more information on the guard bug, see Roger's preliminary analysis
> https://trac.torproject.org/projects/tor/ticket/17772#comment:1


If you want to read more about directory guards (compared to an entry
guards):

https://gitweb.torproject.org/torspec.git/tree/proposals/207-directory-guards.txt
https://trac.torproject.org/projects/tor/ticket/6526
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk