[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #22963 [Core Tor/Tor]: Make relay integrity digests harder to guess by padding cells with random bytes
#22963: Make relay integrity digests harder to guess by padding cells with random
bytes
--------------------------+------------------------------------
Reporter: teor | Owner:
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.3.2.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: security | Actual Points:
Parent ID: #22948 | Points:
Reviewer: | Sponsor:
--------------------------+------------------------------------
Comment (by cypherpunks):
Replying to [comment:4 teor]:
> Replying to [comment:3 cypherpunks]:
> > Replying to [comment:2 teor]:
> > > we want that space to add future fields in
> > No, that's not a concern. It's easy to transmit whatever future stuff
may be wanted by using structure in the 'randomness', i.e. the way relays
currently recognize cells that are for them.
>
> This makes it hard to do what we did when we added IPv6 Exits, which was
to add a field with bits:
> 0: Use IPv4
> 0: Don't use IPv6
> 0: Prefer IPv6
>
> This worked because the field was zero in the old version of the cell.
>
> If it were random, then old clients would get a random selection of
these options.
> And at least one option combination is non-functional on most sites
(110) and several are either nonsensical or non-functional (1x0, x01,
00x).
Random data can be replaced with encrypted authenticated data, which can
be recognized as non-random by implementations that support it, keeping
compatibility with implementations that do use actual random data. Relays
currently recognize cells that are for them in this way.
> > And remember that the spec says it should be random, so other
implementations will have made it random.
>
> The spec says that padding cells should be filled with random bytes (but
tor doesn't do this, see #22948). But it says fixed-length non-padding
cells should be filled with zeroes after their payload. This ticket is
about changing the non-padding cell case.
Cells may be full, in which case user data will be there.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22963#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs