[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #10882 [Globe]: New server-side Globe should attempt to run full fingerprints through SHA-1 on client side if possible

Subject: Re: [tor-bugs] #10882 [Globe]: New server-side Globe should attempt to run full fingerprints through SHA-1 on client side if possible
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 11 Feb 2014 20:55:15 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 11 Feb 2014 15:55:58 -0500
In-reply-to: <047.183a8f6d71595c85c1b1403cd32bde96@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <047.183a8f6d71595c85c1b1403cd32bde96@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#10882: New server-side Globe should attempt to run full fingerprints through SHA-1
on client side if possible
-----------------------------+------------------
     Reporter:  karsten      |      Owner:  rndm
         Type:  enhancement  |     Status:  new
     Priority:  normal       |  Milestone:
    Component:  Globe        |    Version:
   Resolution:               |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+------------------

Comment (by rndm):

 Replying to [comment:2 karsten]:
 > In fact, the JavaScript version of Globe browser could perform the same
 check as Globe server when receiving a response.  It could teach users not
 to put in their original fingerprint, because who knows, maybe next time
 they're searching using a non-JavaScript browser.  Also, they might wonder
 why the displayed fingerprint is different from what they typed in.

 The current implementation does the fingerprint check + hash and replaces
 the search input value and form action path (to redirect the form data to
 the search2 route). After that it triggers the form submit and the browser
 requests a result using the updated data.

 The problem is that I can't store the old "unhashed" fingerprint over a
 page load.
 I could solve this by moving rendering of search results to the client (if
 JS is enabled).

 Another way would be to tell the server to display a note that it used a
 hashed fingerprint and link to the "how do I search for my bridge" page.
 This note appears every time someone uses a 40char hex query.

 What do you think would be the better way? If you got any suggestions on
 how to solve this differently please tell me.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10882#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #10882 [Globe]: New server-side Globe should attempt to run full fingerprints through SHA-1 on client side if possible
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #9162 [Tor]: get_configured_bridge_by_addr_port_digest() does not work well if digest == NULL
Next by Author: Re: [tor-bugs] #9896 [Tor bundles/installation]: DebugInfo files are not properly created with Firefox 24 ESR
Previous by thread: Re: [tor-bugs] #10882 [Globe]: New server-side Globe should attempt to run full fingerprints through SHA-1 on client side if possible
Next by thread: Re: [tor-bugs] #10882 [Globe]: New server-side Globe should attempt to run full fingerprints through SHA-1 on client side if possible
Index(es):
- Author
- Thread