[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #17799 [Tor]: Hash All PRNG output before use

Subject: Re: [tor-bugs] #17799 [Tor]: Hash All PRNG output before use
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 10 Dec 2015 19:32:56 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 10 Dec 2015 14:33:05 -0500
In-reply-to: <044.eda60ab9de4556a4c01a144dbe608152@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <044.eda60ab9de4556a4c01a144dbe608152@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#17799: Hash All PRNG output before use
--------------------+------------------------------------
 Reporter:  teor    |          Owner:
     Type:  defect  |         Status:  needs_revision
 Priority:  Medium  |      Milestone:  Tor: 0.2.8.x-final
Component:  Tor     |        Version:  Tor: unspecified
 Severity:  Normal  |     Resolution:
 Keywords:          |  Actual Points:
Parent ID:          |         Points:
  Sponsor:          |
--------------------+------------------------------------

Comment (by yawning):

 I don't mind this in principle.

 But if we're *that* scared of OpenSSL's RAND_bytes(), we may as well wrap
 our newfangled PRNG construct in the appropriate OpenSSL struct and set it
 as the engine so that TLS and all the OpenSSL internal entropy requests
 use our thing as well.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17799#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #17799 [Tor]: Hash All PRNG output before use
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #17009 [Tor Browser]: Shift and Alt keys leak physical Keyboard layout
Next by Author: Re: [tor-bugs] #17799 [Tor]: Hash All PRNG output before use
Previous by thread: Re: [tor-bugs] #17799 [Tor]: Hash All PRNG output before use
Next by thread: Re: [tor-bugs] #17799 [Tor]: Hash All PRNG output before use
Index(es):
- Author
- Thread