[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #19206 [Applications/Tor Browser]: SOCKS isolation should include a process identifier.



#19206: SOCKS isolation should include a process identifier.
--------------------------------------+--------------------------
 Reporter:  yawning                   |          Owner:  tbb-team
     Type:  enhancement               |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by yawning):

 Replying to [comment:2 arthuredelstein]:
 > Another possible option would be to use a random string per first-party
 domain (such as a random UUID for the password). That would mean we don't
 have to obtain the PID.

 This would work as well, obtaining enough randomness to ensure collisions
 are unlikely is dirt cheap, and I assume changing the new circuit for site
 behavior to simply re-randomize is easy enough.

 Is there any advantage to this behavior being configurable (beyond
 https://xkcd.com/1172/)?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19206#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs