[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #7085 [Tor bundles/installation]: Integrate Cryptocat Browser Extension into Tor Browser Bundle
#7085: Integrate Cryptocat Browser Extension into Tor Browser Bundle
--------------------------------------+-------------------------------------
Reporter: kaepora | Owner: erinn
Type: enhancement | Status: new
Priority: normal | Milestone: TorBrowserBundle 2.2.x-stable
Component: Tor bundles/installation | Version: Tor: unspecified
Keywords: | Parent:
Points: | Actualpoints:
--------------------------------------+-------------------------------------
Comment(by kaepora):
It appears that none of our primitives are even slightly constant time.
But in response to this I must ask: How likely is it that timing attacks
will be a danger in this context?
I am inclined to believe it to be unlikely: The ciphertext will be sent
and received from different browser versions, run on different operating
systems using different hardware. The risk of precisely consistent timing
is extremely minimal. Furthermore, the nature of the software design makes
it difficult for this sort of attack to be relevant. ''Note: If I'm saying
something wrong here, please correct me; I am not an expert on timing
attacks! ''
Per our discussion on IRC, I am going to work up some more documentation
regarding our protocol and software design, but I am just wondering
whether timing attacks are worth being a blocking issue here at all. What
are your thoughts?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7085#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs