[tor-bugs] #5011 [Pluggable transport]: Discuss possible designs for an external program that discovers bridge addresses to tell Tor about them

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Tue Mar 13 04:05:23 UTC 2012


#5011: Discuss possible designs for an external program that discovers bridge
addresses to tell Tor about them
---------------------------------+------------------------------------------
 Reporter:  karsten              |          Owner:  mikeperry
     Type:  task                 |         Status:  new      
 Priority:  normal               |      Milestone:           
Component:  Pluggable transport  |        Version:           
 Keywords:  MikePerry201203      |         Parent:  #5010    
   Points:                       |   Actualpoints:           
---------------------------------+------------------------------------------

Comment(by nickm):

 Replying to [comment:12 mikeperry]:
 > > So it's important to make sure that this kind of attack won't work.
 >
 > Yeah, you're right. For best practice, BridgeFinder should create a way
 > for BridgeFinderHelper to authenticate. I was hoping not to have to solve
 > that.. What's the best option? Some sort of filesystem-based cookie
 > authentication? BridgeFinder's simple control port barfs a file path for
 > BridgeFinderHelper to read from? What about BridgeFinderHelpers that can't
 > read arbitrary file paths? (I think Chrome extensions fall into this
 > category).

 So as a first step, make the data format reject partially-bogus messages,
 or messages with junk at the start.  That'll make some standard
 cross-protocol attacks harder.

 Second, once the BridgeFinder and whoever needs to use it share a secret,
 they can authenticate pretty easily; possibly with a simple HMAC
 challenge-response system.  (That'd be ideal; see discussions on #5185).
 So the only hard part is making sure they share a secret.

 How were you planning for the Chrome extension or the Warcraft plugin or
 whatever to learn the port of the bridgefinder?  Presumably they could
 learn the shared secret via the same channel.  Finding an appropriate
 channel for esoterically sandboxed stuff is likely to require specific
 work depending on the details of the sandbox; I don't know enough about
 Chrome plugins to know what mechanism would work.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5011#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
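
An added example (not part of the ticket and not Tor Project code) of the two steps suggested in the comment above: a message format that rejects leading junk and partial matches, and an HMAC challenge-response over a shared secret. The `BFAUTH` line format, the role label and all function names are hypothetical, and the secret is assumed to be shared already.

```python
import hashlib
import hmac
import os
import re

# Hypothetical wire format (not from the ticket): exactly one ASCII line,
#   "BFAUTH <VERB> <64 hex chars>\n"
# fullmatch() rejects leading junk, trailing bytes and partial matches.
LINE = re.compile(rb"BFAUTH (CHALLENGE|RESPONSE) ([0-9a-f]{64})\n")

def parse(msg: bytes):
    """Return (verb, payload) or raise ValueError for anything malformed."""
    m = LINE.fullmatch(msg)
    if m is None:
        raise ValueError("malformed message")
    return m.group(1).decode(), bytes.fromhex(m.group(2).decode())

def build(verb: str, payload: bytes) -> bytes:
    return b"BFAUTH " + verb.encode() + b" " + payload.hex().encode() + b"\n"

def mac(secret: bytes, role: bytes, nonce: bytes) -> bytes:
    # The role label binds the tag to the helper's side of the exchange.
    return hmac.new(secret, role + b"|" + nonce, hashlib.sha256).digest()

class Finder:
    """BridgeFinder side: issues a fresh nonce, verifies the helper's HMAC."""
    def __init__(self, secret: bytes):
        self.secret, self.nonce = secret, None

    def challenge(self) -> bytes:
        self.nonce = os.urandom(32)
        return build("CHALLENGE", self.nonce)

    def verify(self, msg: bytes) -> bool:
        nonce, self.nonce = self.nonce, None  # single-use, even on failure
        try:
            verb, tag = parse(msg)
        except ValueError:
            return False
        if verb != "RESPONSE" or nonce is None:
            return False
        # Constant-time comparison avoids leaking tag bytes through timing.
        return hmac.compare_digest(tag, mac(self.secret, b"helper", nonce))

def helper_respond(secret: bytes, msg: bytes) -> bytes:
    """BridgeFinderHelper side: answer a well-formed challenge."""
    verb, nonce = parse(msg)
    if verb != "CHALLENGE":
        raise ValueError("expected challenge")
    return build("RESPONSE", mac(secret, b"helper", nonce))
```

A local process that can reach the port but does not hold the secret, such as a web page driving a browser into sending an HTTP request, fails at `parse()` before any HMAC is computed.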