[tor-bugs] #5543 [Tor Directory Authority]: BridgePassword would be insecure if anybody used it
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Sun Apr 1 02:46:29 UTC 2012
#5543: BridgePassword would be insecure if anybody used it
-------------------------------------+--------------------------------------
Reporter: nickm | Owner:
Type: defect | Status: new
Priority: major | Milestone: Tor: 0.2.2.x-final
Component: Tor Directory Authority | Version:
Keywords: | Parent:
Points: | Actualpoints:
-------------------------------------+--------------------------------------
The "BridgePassword" option, which a bridge authority can use to provide
debugging information, has a stupid side-channel bug: it uses strcmp() to
compare the received authenticator with the expected value.
Fortunately, the bridge authority isn't (and hasn't been) using this
option, so there is no actual target for the side-channel attack now.
(Also, it's pretty hard to get fine-grained timing information out of a
loaded Tor server. But we shouldn't count on that.)
The right short-term fix is probably to hash the BridgePassword when it is
set, and then to hash any any provided authenticator and compare it
against the hashed value.
The right longer-term fix is to replace BridgePassword with something akin
to HashedControlPassword, or to remove it entirely.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5543>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list