[tbb-bugs] #20623 [Applications/Tor Browser]: TBB 6.0.5 DomainIsolator does not generate unique nonce paswords for socksauth

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Nov 10 03:23:55 UTC 2016


#20623: TBB 6.0.5 DomainIsolator does not generate unique nonce paswords for
socksauth
-------------------------------------------------+-------------------------
 Reporter:  entr0py                              |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:  new
 Priority:  Very High                            |      Milestone:
Component:  Applications/Tor Browser             |        Version:  Tor:
                                                 |  0.2.8.9
 Severity:  Major                                |     Resolution:
 Keywords:  socksauth first-party base-url       |  Actual Points:
  domain                                         |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by entr0py):

 Looking at a related ticket, Initialize the SOCKS password to random
 offset at start
 (https://trac.torproject.org/projects/tor/ticket/18787)

 It may be the case that the random nonce is a feature of the alpha
 browsers and not implemented in TBB-stable. If so, does the stable
 password increment only for dirty circuits? In my testing, neither `New
 Identity` nor browser restart incremented the password, which becomes an
 issue when using TBB with system Tor as filed in this ticket: make closing
 and restart of Tor Browser as good as New Identity
 (https://trac.torproject.org/projects/tor/ticket/20479)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20623#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list