[tor-bugs] #6538 [Tor Client]: Use bit-twiddling tricks to make choose-by-bandwith algorithm even more time-invariant
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Tue Aug 21 21:21:09 UTC 2012
#6538: Use bit-twiddling tricks to make choose-by-bandwith algorithm even more
time-invariant
-------------------------+--------------------------------------------------
Reporter: nickm | Owner:
Type: enhancement | Status: needs_review
Priority: normal | Milestone: Tor: 0.2.3.x-final
Component: Tor Client | Version:
Keywords: | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
Comment(by nickm):
Replying to [comment:8 arma]:
> More generally, this appears to be a complex tweak to a theoretical
issue that is theoretically mostly solved in what we already merged? It
includes messings to our autoconf and lots of new code. Why is it
scheduled for 0.2.3? Or said another way, is the risk/reward ratio here
suitable for forcing it on all wheezy users at the next rc? I see the risk
as being somewhat low and the reward as being very low.
The risk is that somebody on your LAN (or a local eavesdropper, or your
entry node), can figure out about what your path is. Conservative wisdom
is that a fairly local attacker can detect 10-100ns timing leaks, and a
remote one can detect 1-10ms timing leaks. I'm especially worried about
slow mobile devices here.
Instead of calling the risk "low", do you mean "unproven" or something?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6538#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list