[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #7085 [Tor bundles/installation]: Integrate Cryptocat Browser Extension into Tor Browser Bundle



#7085: Integrate Cryptocat Browser Extension into Tor Browser Bundle
--------------------------------------+-------------------------------------
 Reporter:  kaepora                   |          Owner:  erinn                        
     Type:  enhancement               |         Status:  new                          
 Priority:  normal                    |      Milestone:  TorBrowserBundle 2.2.x-stable
Component:  Tor bundles/installation  |        Version:  Tor: unspecified             
 Keywords:                            |         Parent:                               
   Points:                            |   Actualpoints:                               
--------------------------------------+-------------------------------------

Comment(by kaepora):

 Replying to [comment:19 mikeperry]:


 > kaepora: Is there a tag in your bugtracker so we can look over the bugs
 found as a result of the audit?

 The full audit report is available for download here:
 https://blog.crypto.cat/wp-content/uploads/2012/11/Cryptocat-2-Pentest-
 Report.pdf

 >
 > Also, if NSS is only used as a source of random bytes, you should
 consider using https://developer.mozilla.org/en-
 US/docs/XPCOM_Interface_Reference/nsIRandomGenerator. It uses NSS's PRNG
 underneath. The reason to avoid jsctypes is because it increases the
 vulnerability surface for sandboxed TBBs. We're pondering removing it if
 we ever get a working sandbox (see #6152).

 Thanks for this. Looks interesting and potentially beneficial. I will test
 to see if we can implement it within our framework and let you know.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7085#comment:21>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs