Dhalgren Tor transcribed 0.4K bytes: > https://www.openssl.org/news/secadv/20160503.txt > > In general I understand that padding oracle attacks are principally a > hazard for browser communications. Am assuming that updating OpenSSL > for this fix is not an urgent priority for a Tor Relay. > > If anyone knows different please comment. Hello, First, I am not a real cryptographer. However, the bug requires a client to resend the same plaintext data several times. In this case, for Tor, the underlying "plaintext" data is actually a Tor cell, encrypted at the circuit layer. We do not resend cells once a TLS connection breaks down (which it will, if this bug is triggered). Hence the bug cannot be triggered in Tor's case, since we do not resend the underlying data. Hope that explains clearly. Please feel free to ask questions if it doesn't. :) Best Regards, -- ââ isis agora lovecruft _________________________________________________________ OpenPGP: 4096R/0A6A58A14B5946ABDE18E207A3ADB67A2CDB8B35 Current Keys: https://fyb.patternsinthevoid.net/isis.txt
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays