[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #5543 [Tor Directory Authority]: BridgePassword would be insecure if anybody used it

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #5543 [Tor Directory Authority]: BridgePassword would be insecure if anybody used it
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Sun, 01 Apr 2012 03:28:12 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 31 Mar 2012 23:28:22 -0400
In-reply-to: <045.683e269aff7981df55afdf24826a359b@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bug tracker status mails <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <045.683e269aff7981df55afdf24826a359b@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#5543: BridgePassword would be insecure if anybody used it
-------------------------------------+--------------------------------------
 Reporter:  nickm                    |          Owner:                    
     Type:  defect                   |         Status:  needs_revision    
 Priority:  major                    |      Milestone:  Tor: 0.2.2.x-final
Component:  Tor Directory Authority  |        Version:                    
 Keywords:                           |         Parent:                    
   Points:                           |   Actualpoints:                    
-------------------------------------+--------------------------------------
Changes (by rransom):

  * status:  needs_review => needs_revision


Comment:

 Replying to [comment:1 nickm]:
 > Please review branch "bridgepassword" on 0.2.2.x in my public
 repository.

 `base64_encode` is probably not protected against side-channel leaks.  I
 don't know whether that's a problem; leaks there can only be exploited by
 observing the bridge authority while someone who knows BridgePassword
 fetches the consensus from it.

 If `alloc_http_authenticator` fails, `BridgePassword_AuthDigest` is
 silently not set.  That would be a royal PITA to debug if it could ever
 happen.

 Storing BridgePassword as a digest isn't what prevents timing attacks,
 it's what allows you to use a timing-attack-resistant comparison function
 with it.  (That's quite a subtle distinction, but still important enough
 to justify correcting the comment.)

 Other than that, looks good.


 > For fun, you can also see branch "di_strcmp" in my public repository:
 that's how you do a one-sided-data-independent strcmp, I think.  But the
 approach in "bridgepassword" is more solid, I think.

 `di_strcmp` is broken: it uses secret information (the length of `target`)
 to determine what memory location (`ba`) to read from.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5543#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #5543 [Tor Directory Authority]: BridgePassword would be insecure if anybody used it
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #3940 [Tor Client]: Allow MapAddress .exit even if AllowDotExit is 0
Next by Author: Re: [tor-bugs] #5543 [Tor Directory Authority]: BridgePassword would be insecure if anybody used it
Previous by thread: Re: [tor-bugs] #5543 [Tor Directory Authority]: BridgePassword would be insecure if anybody used it
Next by thread: Re: [tor-bugs] #5543 [Tor Directory Authority]: BridgePassword would be insecure if anybody used it
Index(es):
- Author
- Thread