[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #17694 [Tor]: Hash PRNG output before use, so that it's not revealed to the network
#17694: Hash PRNG output before use, so that it's not revealed to the network
-------------------------+------------------------------------
Reporter: teor | Owner:
Type: enhancement | Status: needs_review
Priority: Medium | Milestone: Tor: 0.2.8.x-final
Component: Tor | Version: Tor: unspecified
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Sponsor: |
-------------------------+------------------------------------
Comment (by yawning):
Replying to [comment:12 teor]:
> I don't think this achieves the overall goal: "make sure we never leak
raw PRNG output to the network".
>
> We can easily leak raw PRNG output via salts, nonces and other randomly
chosen values that are sent on the wire.
>
> Even our "random" choices of relays could leak some bits.
At some point this becomes rather silly, not to mention expensive, to the
point where "We should ditch OpenSSL's CSPRNG, if we don't trust it if
state gets exposed somehow instead of always passing output through extra
hash functions" becomes compelling.
IMO that point now has been reached. Others are free to disagree with me.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17694#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs