[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #5543 [Tor Directory Authority]: BridgePassword would be insecure if anybody used it

To: undisclosed-recipients:;
Subject: [tor-bugs] #5543 [Tor Directory Authority]: BridgePassword would be insecure if anybody used it
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Sun, 01 Apr 2012 02:46:29 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 31 Mar 2012 22:46:42 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bug tracker status mails <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#5543: BridgePassword would be insecure if anybody used it
-------------------------------------+--------------------------------------
 Reporter:  nickm                    |          Owner:                    
     Type:  defect                   |         Status:  new               
 Priority:  major                    |      Milestone:  Tor: 0.2.2.x-final
Component:  Tor Directory Authority  |        Version:                    
 Keywords:                           |         Parent:                    
   Points:                           |   Actualpoints:                    
-------------------------------------+--------------------------------------
 The "BridgePassword" option, which a bridge authority can use to provide
 debugging information, has a stupid side-channel bug: it uses strcmp() to
 compare the received authenticator with the expected value.

 Fortunately, the bridge authority isn't (and hasn't been) using this
 option, so there is no actual target for the side-channel attack now.
 (Also, it's pretty hard to get fine-grained timing information out of a
 loaded Tor server. But we shouldn't count on that.)

 The right short-term fix is probably to hash the BridgePassword when it is
 set, and then to hash any any provided authenticator and compare it
 against the hashed value.

 The right longer-term fix is to replace BridgePassword with something akin
 to HashedControlPassword, or to remove it entirely.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5543>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #5543 [Tor Directory Authority]: BridgePassword would be insecure if anybody used it
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #5543 [Tor Directory Authority]: BridgePassword would be insecure if anybody used it
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #5543 [Tor Directory Authority]: BridgePassword would be insecure if anybody used it
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #5543 [Tor Directory Authority]: BridgePassword would be insecure if anybody used it
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #4162 [RPM packaging]: arm/torctl rpms for deb.tpo
Next by Author: Re: [tor-bugs] #5543 [Tor Directory Authority]: BridgePassword would be insecure if anybody used it
Previous by thread: [tor-bugs] #5542 [EFF-HTTPS Everywhere]: Exception Object HTTP->HTTPS redirection in Firefox
Next by thread: Re: [tor-bugs] #5543 [Tor Directory Authority]: BridgePassword would be insecure if anybody used it
Index(es):
- Author
- Thread