Re: [tor-bugs] #17694 [Tor]: Hash PRNG output before use, so that it's not revealed to the network



#17694: Hash PRNG output before use, so that it's not revealed to the network
-------------------------+------------------------------------
 Reporter:  teor         |          Owner:
     Type:  enhancement  |         Status:  needs_review
 Priority:  Medium       |      Milestone:  Tor: 0.2.8.x-final
Component:  Tor          |        Version:  Tor: unspecified
 Severity:  Normal       |     Resolution:
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
  Sponsor:               |
-------------------------+------------------------------------

Comment (by teor):

 Replying to [comment:9 nickm]:
 > feature17694_strongest_027 starts this, based on the code for #17686.  I
 > suggest it for inclusion in 0.2.8 only.  I'm going to extend it to know
 > about other prngs.

 This patch only hashes the entropy used in keys.

 I don't think this achieves the overall goal: "make sure we never leak raw
 PRNG output to the network".

 We can easily leak raw PRNG output via salts, nonces and other randomly
 chosen values that are sent on the wire.

 Even our "random" choices of relays could leak some bits.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17694#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
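
The concern in the comment above, as an added example (not Tor's code and not the patch under review): if only key material is hashed, salts, nonces and random selections still carry raw PRNG output, so the sketch below puts the hash at the single point where all randomness is drawn. The class names, the purpose labels, the list size and the use of SHAKE-256 are assumptions made for illustration.

```python
import hashlib
import os


class HashedRandom:
    """Hash every draw so no caller (key, salt, nonce, choice) sees raw PRNG output."""

    def __init__(self, source=os.urandom):
        self._source = source  # underlying PRNG, callable(n) -> n bytes (assumption)

    def bytes(self, n, purpose):
        # Draw at least 32 bytes, and never fewer than requested.
        raw = self._source(max(n, 32))
        # Hypothetical domain-separation label: values for different purposes
        # stay unrelated even if they came from the same raw draw.
        xof = hashlib.shake_256(b"example-hashed-prng:" + purpose.encode() + b"\x00")
        xof.update(raw)
        return xof.digest(n)

    def randrange(self, upper, purpose):
        """Uniform integer in [0, upper); rejection sampling avoids modulo bias."""
        if upper <= 0:
            raise ValueError("upper must be positive")
        nbytes = (upper.bit_length() + 7) // 8
        limit = (256 ** nbytes // upper) * upper  # largest multiple of upper
        while True:
            v = int.from_bytes(self.bytes(nbytes, purpose), "big")
            if v < limit:
                return v % upper


class RecordingSource:
    """Constructed stand-in PRNG that logs each raw draw so it can be inspected."""

    def __init__(self):
        self.raw = []

    def __call__(self, n):
        out = os.urandom(n)
        self.raw.append(out)
        return out


def demo():
    """Produce wire-visible values and return them alongside the raw draws."""
    src = RecordingSource()
    rng = HashedRandom(src)
    wire = {p: rng.bytes(16, p) for p in ("salt", "nonce", "cookie")}
    relay_index = rng.randrange(7000, "relay-choice")  # constructed list size
    return wire, relay_index, src.raw
```

Because every caller goes through HashedRandom, a new wire-visible value cannot bypass the hash by accident, which is the gap a keys-only change leaves open.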