[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #8217 [Obfsproxy]: obfsproxy: obfs2: When deriving padding keys we truncate the shared-secret hash
#8217: obfsproxy: obfs2: When deriving padding keys we truncate the shared-secret
hash
-----------------------+----------------------------------------------------
Reporter: asn | Owner: asn
Type: defect | Status: new
Priority: normal | Milestone:
Component: Obfsproxy | Version: Obfsproxy: 0.1.4
Keywords: | Parent:
Points: | Actualpoints:
-----------------------+----------------------------------------------------
In `derive_padding_key()` we do:
{{{
if (shared_seed_nonzero(state->secret_seed))
digest_update(c, state->secret_seed, OBFUSCATE_SEED_LENGTH);
}}}
`OBFUSCATE_SEED_LENGTH` should read `SHARED_SECRET_LENGTH`, similarly to
how it is in `derive_key()`.
This is a bug in obfsproxy `master`, and it will break compatibility with
any correct obfs2 implementations.
Good thing is that obfsproxy is going obsolete these days, so most (all?)
obfs2 shared-secret users will probably be using pyobfsproxy.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8217>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs