[tor-bugs] #5761 [TorBrowserButton]: Decide if it's safe to pass the Dooble around the Tor Community

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Sat May 5 22:11:53 UTC 2012 

#5761: Decide if it's safe to pass the Dooble around the Tor Community
---------------------------------+------------------------------------------
    Reporter:  mike123           |       Owner:  mike123 
        Type:  enhancement       |      Status:  reopened
    Priority:  normal            |   Milestone:          
   Component:  TorBrowserButton  |     Version:          
  Resolution:                    |    Keywords:          
      Parent:                    |      Points:          
Actualpoints:                    |  
---------------------------------+------------------------------------------

Comment(by mike123):

 cool, this man is an excellent expert.
 from reading it, very deep looking into doobles code and knowing of what
 is spoken.
 I though think that the question, if a passpharase is secure enough to
 encrypt cookies, is a little bit too detailed, as dooble is the only
 browser worldwide, which has a tresor and safe. If the users wants to wash
 out cookies or history data, there is an auto function to do that, or just
 use the non-auth session, which is like a portable usb stick version.

 here is what the developer answers:

 It is not practical for Dooble to question the validity of all of the
 libraries that it uses. My approach is to report errors and proceed in
 some predictable fashion. There are known issues with Qt, with Qt on X11,
 with Qt on OS X, etc. Dooble uses the libraries as best as it can.
 Questioning every dependency requires a level of paranoia that Dooble is
 not comfortable with.

 "I expect any function which claims to encrypt data to either output a
 ciphertext or report an error. No program should ever silently use
 plaintext as if it were ciphertext, even if an error occurs while trying
 to encrypt a message."

 The method is required to return a buffer of bytes. If it fails
 internally, it reports the error and returns the original buffer. Its
 failure is deemed acceptable. Dooble's intent is to provide a crisp
 browsing experience. It does so by tolerating some mishaps. An assortment
 of operations would need to be placed in atomic transactions if the method
 is modified to return an empty buffer or some other value. Since the
 method is used for recording information to databases, its failure is
 completely acceptable.

 Impressive critique.
 "

 And I think this is just the point on the i, what you found out, but
 dooble is of course usable to browse over tor and to easily destroy the
 cookies on the usb stick or the desktop installation. or, if one bookmark
 should be kept, this can be done in a tresor, no other browser has
 encrypted bookmarks, this is awesome, and I think tor customers and dooble
 intents meet in a perfect match of requirements.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5761#comment:28>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list