[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] note another potential security problem with generating key...

To: or-cvs@xxxxxxxxxxxxx
Subject: [or-cvs] note another potential security problem with generating key...
From: arma@xxxxxxxx
Date: Sat, 6 Aug 2005 12:50:53 -0400 (EDT)
Delivered-to: archiver@seul.org
Delivered-to: or-cvs-outgoing@seul.org
Delivered-to: or-cvs@seul.org
Delivery-date: Sat, 06 Aug 2005 12:51:05 -0400
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-cvs@xxxxxxxxxxxxx

Update of /home/or/cvsroot/tor/src/common
In directory moria:/tmp/cvs-serv30581

Modified Files:
	crypto.c 
Log Message:
note another potential security problem with generating key material
from our DH handshake.


Index: crypto.c
===================================================================
RCS file: /home/or/cvsroot/tor/src/common/crypto.c,v
retrieving revision 1.148
retrieving revision 1.149
diff -u -d -r1.148 -r1.149
--- crypto.c	5 Aug 2005 22:08:57 -0000	1.148
+++ crypto.c	6 Aug 2005 16:50:51 -0000	1.149
@@ -1458,6 +1458,12 @@
   }
   secret_len = result;
   /* sometimes secret_len might be less than 128, e.g., 127. that's ok. */
+  /* Actually, http://www.faqs.org/rfcs/rfc2631.html says:
+   *   Leading zeros MUST be preserved, so that ZZ occupies as many
+   *   octets as p. For instance, if p is 1024 bits, ZZ should be 128
+   *   bytes long.
+   * What are the security implications here?
+   */
   for (i = 0; i < secret_bytes_out; i += DIGEST_LEN) {
     secret_tmp[secret_len] = (unsigned char) i/DIGEST_LEN;
     if (crypto_digest(hash, secret_tmp, secret_len+1))

Prev by Author: [or-cvs] patches to the abuse faq as suggested by chris
Next by Author: [or-cvs] ok, so now it was just redundant. nick, do you recall what ...
Previous by thread: [or-cvs] German updates
Next by thread: [or-cvs] Shorten hidden service port config parsing; fix bug 174
Index(es):
- Author
- Thread