[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #7085 [Tor bundles/installation]: Integrate Cryptocat Browser Extension into Tor Browser Bundle

#7085: Integrate Cryptocat Browser Extension into Tor Browser Bundle
--------------------------------------+-------------------------------------
 Reporter:  kaepora                   |          Owner:  erinn                        
     Type:  enhancement               |         Status:  new                          
 Priority:  normal                    |      Milestone:  TorBrowserBundle 2.2.x-stable
Component:  Tor bundles/installation  |        Version:  Tor: unspecified             
 Keywords:                            |         Parent:                               
   Points:                            |   Actualpoints:                               
--------------------------------------+-------------------------------------

Comment(by naif):

 I also think that timing attack vulnerabilities maybe something very
 difficult to exploit, or in a specific context not exploitable.

 So, given that javascrypt crypto primitives may have has such a behaviour,
 i am wondering how we can workaround that possible behaviour within the
 crypto protocol.

 What if we try to mitigate further exploitability of possibly present
 timing related vulnerability by introducing a "time padding".

 The adversary can only look "at the network", so the adversary would not
 be able to "sense" for possible timing squeeze on crypto, if all packets
 sent are scheduled to be sent at a specific time interval.

 Let's say that "each packets sent during the key negotiation/handshake"
 will be sent "rounded to the next 1 second, at the end of the next one
 second.

 That way the attackers should not be able to correlate anything related to
 timing, because on possibly timing sensitive cryptographic operation, we
 applied a "time pad".

 What do you think?

 -naif

 p.s. Along with CryptoCat, to make it available with TBB via TorHS, let's
 consider also the "Comfort loader" to increase usability
 https://trac.torproject.org/projects/tor/ticket/7046

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7085#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs