[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #17694 [Tor]: Hash PRNG output before use, so that it's not revealed to the network



#17694: Hash PRNG output before use, so that it's not revealed to the network
-------------------------+------------------------------------
 Reporter:  teor         |          Owner:
     Type:  enhancement  |         Status:  needs_review
 Priority:  Medium       |      Milestone:  Tor: 0.2.8.x-final
Component:  Tor          |        Version:  Tor: unspecified
 Severity:  Normal       |     Resolution:
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
  Sponsor:               |
-------------------------+------------------------------------

Comment (by yawning):

 Replying to [comment:14 teor]:
 > Depending on how it's implemented, the hashing has a performance cost of
 about -40% (if we hash an entire buffer, then use it for multiple small
 random calls) to +30% on Tor's typical input sizes.

 For the former case, that reads suspiciously like "re-implement libottery
 as a Hash_DRBG", sitting on top of another hash based CSPRNG (OpenSSL's).

 > > IMO that point now has been reached.  Others are free to disagree with
 me.
 >
 > To be clear, I'm agnostic on hashing PRNG output. But if we want to
 prevent leaking PRNG bits, we should hash all the bits that could be sent
 out from or be observed from outside the process.

 I'm mostly agnostic here.  I think anything more than what nickm's branch
 does warrants re-evaluating why we are doing this, and if there's a way to
 get what we want efficiently (since RAND_bytes() is hashing entropy from
 the system entropy source.  I'm not convinced that's not good enough, at
 all.).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17694#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs