Re: [tor-relays] security update for obfs4proxy

[meskio <meskio@xxxxxxxxxxxxxx>]

Quoting Toralf Förster (2022-10-14 18:08:38)
> On 10/14/22 11:28, meskio wrote:
> > The latest version of obfs4proxy (0.0.14) comes with an important security fix.
> 
> Is there a Changelog available ?

The upstream changelog is here:
https://gitlab.com/yawning/obfs4/-/blob/master/ChangeLog
But I understand is not easy to understand what the problem is from that
changelog.

I was pointed out today that "important security fix" might be confusing. To be
clear this is 'obfuscation' security fix, this means before 0.0.14 it was
possible for an observer on the network to distinguish obfs4 traffic. So is a
security problem from the obfs4 user perspective.

But is not any risk for bridge operators. An attacker can *not* exploit this
issue to do any harm to the operator.

-- 
meskio | https://meskio.net/
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 My contact info: https://meskio.net/crypto.txt
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Nos vamos a Croatan.

Attachment: signature.asc
Description: signature

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays