[tor-bugs] #5543 [Tor Directory Authority]: BridgePassword would be insecure if anybody used it

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Sun Apr 1 03:28:12 UTC 2012


#5543: BridgePassword would be insecure if anybody used it
-------------------------------------+--------------------------------------
 Reporter:  nickm                    |          Owner:                    
     Type:  defect                   |         Status:  needs_revision    
 Priority:  major                    |      Milestone:  Tor: 0.2.2.x-final
Component:  Tor Directory Authority  |        Version:                    
 Keywords:                           |         Parent:                    
   Points:                           |   Actualpoints:                    
-------------------------------------+--------------------------------------
Changes (by rransom):

  * status:  needs_review => needs_revision


Comment:

 Replying to [comment:1 nickm]:
 > Please review branch "bridgepassword" on 0.2.2.x in my public
 > repository.

 `base64_encode` is probably not protected against side-channel leaks.  I
 don't know whether that's a problem; leaks there can only be exploited by
 observing the bridge authority while someone who knows BridgePassword
 fetches the consensus from it.

 If `alloc_http_authenticator` fails, `BridgePassword_AuthDigest` is
 silently not set.  That would be a royal PITA to debug if it could ever
 happen.

 Storing BridgePassword as a digest isn't what prevents timing attacks,
 it's what allows you to use a timing-attack-resistant comparison function
 with it.  (That's quite a subtle distinction, but still important enough
 to justify correcting the comment.)

 Other than that, looks good.


 > For fun, you can also see branch "di_strcmp" in my public repository:
 > that's how you do a one-sided-data-independent strcmp, I think.  But the
 > approach in "bridgepassword" is more solid, I think.

 `di_strcmp` is broken: it uses secret information (the length of `target`)
 to determine what memory location (`ba`) to read from.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5543#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
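
An added example, not part of the ticket or of Tor's code, of the distinction drawn in the comment above: the digest only fixes both comparison inputs to one public length, and the data-independent comparison is what removes the timing signal. It also fails loudly when the digest cannot be built instead of leaving it unset. SHA-256, the `Basic <base64>` header layout and every function name here are assumptions of this example.

```python
import base64
import hashlib
import hmac

DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes, a public constant


class AuthConfigError(Exception):
    """The stored authenticator digest is missing or could not be built."""


def basic_header(secret: str) -> str:
    """Client side: header value in the assumed 'Basic <base64>' layout."""
    return "Basic " + base64.b64encode(secret.encode("utf-8")).decode("ascii")


def make_auth_digest(secret: str) -> bytes:
    """Config time: digest the expected authenticator, or fail loudly."""
    if not secret:
        # Do not leave the digest silently unset: stop at startup instead.
        raise AuthConfigError("cannot build authenticator from empty secret")
    authenticator = basic_header(secret).partition(" ")[2]
    return hashlib.sha256(authenticator.encode("ascii")).digest()


def check_authorization(header_value: str, stored_digest: bytes) -> bool:
    """Request time: compare two fixed-length digests, never raw strings."""
    if len(stored_digest) != DIGEST_LEN:
        raise AuthConfigError("stored digest is unset or malformed")
    scheme, _, received = header_value.partition(" ")
    # Hashing time depends only on the length of the received value, which
    # the client chose and already knows; it says nothing about the secret.
    received_digest = hashlib.sha256(received.encode("utf-8", "replace")).digest()
    # Both inputs are DIGEST_LEN bytes, so the comparison needs no
    # secret-dependent length, index or early exit.
    digest_ok = hmac.compare_digest(received_digest, stored_digest)
    return (scheme == "Basic") and digest_ok


if __name__ == "__main__":
    stored = make_auth_digest("constructed-example-secret")  # constructed value
    print(check_authorization(basic_header("constructed-example-secret"), stored))
    print(check_authorization(basic_header("constructed-example-secreT"), stored))
```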

