[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Tor 0.2.7.6 is released
>> Tor version 0.2.7.6 fixes a major bug in entry guard selection,
>
>> - Actually look at the Guard flag when selecting a new directory
>> guard. When we implemented the directory guard design, we
>> accidentally started treating all relays as if they have the Guard
>> flag during guard selection, leading to weaker anonymity and worse
>> performance. Fixes bug 17772; bugfix on 0.2.4.8-alpha. Discovered
>> by Mohsen Imani.
>
> Is this bug found also in 0.2.6.10, or only in 0.2.7.5?
the changelog says "bugfix on 0.2.4.8-alpha" which means all tor
releases since 0.2.4.8-alpha and released before 2015-12-10 are affected.
The trac entry is tagged with: 024-backport 025-backport 026-backport
As you can see on gitweb.torproject.org Nick is preparing some more releases
https://gitweb.torproject.org/tor.git/log/?h=maint-0.2.4
https://gitweb.torproject.org/tor.git/log/?h=maint-0.2.5
https://gitweb.torproject.org/tor.git/log/?h=maint-0.2.6
but most ordinary users will probably (and should) just use torbrowser
and the tor version that comes with it (so we might see an update there
soon?)
> What does "weaker anonymity" mean exactly? How big is the risk? Can this
> bug lead to deanonymization?
https://blog.torproject.org/blog/tor-0276-released wrote:
> For more information on the guard bug, see Roger's preliminary analysis
> https://trac.torproject.org/projects/tor/ticket/17772#comment:1
If you want to read more about directory guards (compared to an entry
guards):
https://gitweb.torproject.org/torspec.git/tree/proposals/207-directory-guards.txt
https://trac.torproject.org/projects/tor/ticket/6526
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk