[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #13696 [Tor]: Use syscall-based entropy reading where possible.

Subject: Re: [tor-bugs] #13696 [Tor]: Use syscall-based entropy reading where possible.
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sun, 29 Nov 2015 15:59:45 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 29 Nov 2015 10:59:55 -0500
In-reply-to: <045.a9b10d78436d30d03cb97235b442019a@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <045.a9b10d78436d30d03cb97235b442019a@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#13696: Use syscall-based entropy reading where possible.
-------------------------+------------------------------
 Reporter:  nickm        |          Owner:  yawning
     Type:  enhancement  |         Status:  needs_review
 Priority:  Medium       |      Milestone:  Tor: 0.2.???
Component:  Tor          |        Version:
 Severity:  Normal       |     Resolution:
 Keywords:  tor-relay    |  Actual Points:
Parent ID:               |         Points:
  Sponsor:               |
-------------------------+------------------------------
Changes (by yawning):

 * status:  needs_revision => needs_review


Comment:

 Replying to [comment:14 teor]:
 > I'm still ok with implementing the call to SecRandomCopyBytes on OS X /
 iOS, because it has better semantics (lower failure rate).

 This sounds reasonable.  The non-Dual EC DRBG constructs in SP 800-90 are
 secure as far as I know.  You say it uses ECB, but that's just because
 they're implementing CTR mode right?

 I'm comfortable with the branch the way it is, but it's probably best if
 nickm gives further feedback regarding the things from the review that I
 didn't want to change.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13696#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #8981 [Tor Browser]: Segfault after extended use in imgCacheValidator::OnStartRequest (mRequest is null when channelURI is non-null)
Next by Author: Re: [tor-bugs] #17713 [Tor]: Debian 8.2 latest tor package tor_0.2.7.5-1~d80.jessie+1_amd64.deb fails on start with "NO_NEW_PRIVILEGES"
Previous by thread: Re: [tor-bugs] #13696 [Tor]: Use syscall-based entropy reading where possible.
Next by thread: [tor-bugs] #17687 [Tor]: crypto_strongest_rand() failures should be fatal(?)
Index(es):
- Author
- Thread